You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by kw...@apache.org on 2022/07/05 06:03:00 UTC
[jackrabbit-filevault] branch master updated: releng: ignore false-positive detected by dependency-check
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git
The following commit(s) were added to refs/heads/master by this push:
new 9154eac7 releng: ignore false-positive detected by dependency-check
9154eac7 is described below
commit 9154eac7ffd8ae349ec7607a231ecc2d238f4829
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Tue Jul 5 08:02:55 2022 +0200
releng: ignore false-positive detected by dependency-check
---
suppressions.xml | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/suppressions.xml b/suppressions.xml
index 95a81f1a..79325050 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -43,4 +43,12 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/oak-.*@.*$</packageUrl>
<cpe>cpe:/a:apache:xml_security_for_java</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ false positive: org.apache.sling.jcr.api-2.0.4.jar only Sling API and Sling Commons Logging affected
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.sling/org\.apache\.sling\.jcr\.api@.*$</packageUrl>
+ <cve>CVE-2022-32549</cve>
+ </suppress>
+
</suppressions>
\ No newline at end of file