[ https://issues.apache.org/jira/browse/NIFI-10346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582028#comment-17582028 ]

ASF subversion and git services commented on NIFI-10346:
--------------------------------------------------------

Commit d2dbaa3c62124598e2077c44e81d23d8faa1ffcf in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=d2dbaa3c62 ]

NIFI-10346 Added OWASP Dependency Check Suppressions

- Suppressed Apache Calcite vulnerabilities not applicable to Calcite Avatica subproject
- Suppressed HBase server vulnerabilities not applicable to client libraries
- Suppressed several mismatched product vulnerabilities

This closes #6290
Signed-off-by: Paul Grey <[email protected]>


> Update OWASP Dependency Check Suppressions
> ------------------------------------------
>
>                 Key: NIFI-10346
>                 URL: https://issues.apache.org/jira/browse/NIFI-10346
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Documentation & Website
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The OWASP Dependency Check Plugin version 7.1.1 marks several libraries as 
> vulnerable when the vulnerability applies to server components, but not 
> client components. In other cases, the plugin associates vulnerabilities with 
> a different product based on similar naming. The Suppressions configuration 
> should be updated to note and suppress these findings.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
