You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by su...@apache.org on 2022/04/19 03:00:12 UTC
[druid] branch master updated: Suppress CVE-2021-43138 (#12437)
This is an automated email from the ASF dual-hosted git repository.
suneet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 691e26d242 Suppress CVE-2021-43138 (#12437)
691e26d242 is described below
commit 691e26d2429cd81afef092dbda32e24ad56bb510
Author: Jihoon Son <ji...@apache.org>
AuthorDate: Mon Apr 18 20:00:06 2022 -0700
Suppress CVE-2021-43138 (#12437)
* Suppress CVE-2021-43138
* revert netty 3.10.5.Final
---
owasp-dependency-check-suppressions.xml | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index be02807ca3..abc05abead 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -470,4 +470,13 @@
]]></notes>
<cve>CVE-2021-43045</cve>
</suppress>
+
+ <suppress>
+ <!-- False alarm for the Async javascript library (https://github.com/caolan/async) which is a dev dependency for the web console -->
+ <notes><![CDATA[
+ file name: async-http-client-netty-utils-2.5.3.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.asynchttpclient/async-http-client-netty-utils@2.5.3$</packageUrl>
+ <cve>CVE-2021-43138</cve>
+ </suppress>
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org