You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2022/08/11 13:59:00 UTC

[jira] [Updated] (NIFI-10346) Update OWASP Dependency Check Suppressions

     [ https://issues.apache.org/jira/browse/NIFI-10346?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann updated NIFI-10346:
------------------------------------
    Status: Patch Available  (was: Open)

> Update OWASP Dependency Check Suppressions
> ------------------------------------------
>
>                 Key: NIFI-10346
>                 URL: https://issues.apache.org/jira/browse/NIFI-10346
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Documentation &amp; Website
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> The OWASP Dependency Check Plugin version 7.1.1 marks several libraries as vulnerable when the vulnerability applies to server components, but not client components. In other cases, the plugin associates vulnerabilities with a different product based on similar naming. The Suppressions configuration should be updated to note and suppress these findings.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)