[jira] [Commented] (TOBAGO-2084) CVE suppression for Tobago 5

Dennis Kieselhorst (Jira) Sun, 30 May 2021 21:43:07 -0700


    [ 
https://issues.apache.org/jira/browse/TOBAGO-2084?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17354216#comment-17354216
 ]


Dennis Kieselhorst commented on TOBAGO-2084:
--------------------------------------------

Why do we require a checkstyle suppression for CVE-2021-23343 path-parse? 
https://nvd.nist.gov/vuln/detail/CVE-2021-23343 mentions that it's fixed in 
1.0.7, can't we just use that version?


> CVE suppression for Tobago 5
> ----------------------------
>
>                 Key: TOBAGO-2084
>                 URL: https://issues.apache.org/jira/browse/TOBAGO-2084
>             Project: MyFaces Tobago
>          Issue Type: Task
>          Components: Build
>            Reporter: Udo Schnurpfeil
>            Assignee: Udo Schnurpfeil
>            Priority: Minor
>             Fix For: 4.5.4, 5.0.0
>
>
> Split CVE suppression list between Tobago 4 and 5
> Also:
>  * add CVE suppression for npm path-parse



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (TOBAGO-2084) CVE suppression for Tobago 5

Reply via email to