Re: [knox] branch master updated: OWASP false positives

Fri, 21 Dec 2018 05:16:43 -0800 

Ah nice :) Thanks!

Kevin Risden

On Fri, Dec 21, 2018 at 7:07 AM Colm O hEigeartaigh <[email protected]> wrote:
>
> FYI I've already raised most of these here:
> https://github.com/jeremylong/DependencyCheck/issues
>
> Colm.
>
> On Fri, Dec 21, 2018 at 3:22 AM <[email protected]> wrote:
>
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > krisden pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/knox.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> >      new 89fcabe  OWASP false positives
> > 89fcabe is described below
> >
> > commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> > Author:
Kevin Risden <[email protected]>
> > AuthorDate: Thu Dec 20 22:21:59 2018 -0500
> >
> >     OWASP false positives
> >
> >     Signed-off-by: Kevin Risden <[email protected]>
> > ---
> >  .../resources/build-tools/dependency-check/suppressions.xml   | 11
> > +++++++++++
> >  1 file changed, 11 insertions(+)
> >
> > diff --git
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > index ed557c9..5074ddd 100644
> > ---
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > +++
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > @@ -32,6 +32,12 @@ limitations under the License.
> >          <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
> >      </suppress>
> >      <suppress>
> > +        <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> > +        <gav
> > regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> > +        <cpe>cpe:/a:apache:apache_http_server</cpe>
> > +        <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> > +    </suppress>
> > +    <suppress>
> >          <notes><![CDATA[file name: gateway-.*.jar]]></notes>
> >          <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
> >          <cpe>cpe:/a:apache:ambari</cpe>
> > @@ -94,6 +100,11 @@ limitations under the License.
> >          <cpe>cpe:/a:openid:openid</cpe>
> >      </suppress>
> >      <suppress>
> > +        <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> > +        <gav regex="true">^org\.slf4j:.*$</gav>
> > +        <cve>CVE-2018-8088</cve>
> > +    </suppress>
> > +    <suppress>
> >          <notes><![CDATA[file name: xz-.*.jar]]></notes>
> >          <gav regex="true">^org\.tukaani:xz:.*$</gav>
> >          <cve>CVE-2015-4035</cve>
> >
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com

Reply via email to