You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@jackrabbit.apache.org by kw...@apache.org on 2022/07/05 06:03:00 UTC

[jackrabbit-filevault] branch master updated: releng: ignore false-positive detected by dependency-check

This is an automated email from the ASF dual-hosted git repository.

kwin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git


The following commit(s) were added to refs/heads/master by this push:
     new 9154eac7 releng: ignore false-positive detected by dependency-check
9154eac7 is described below

commit 9154eac7ffd8ae349ec7607a231ecc2d238f4829
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Tue Jul 5 08:02:55 2022 +0200

    releng: ignore false-positive detected by dependency-check
---
 suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/suppressions.xml b/suppressions.xml
index 95a81f1a..79325050 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -43,4 +43,12 @@
        <packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/oak-.*@.*$</packageUrl>
        <cpe>cpe:/a:apache:xml_security_for_java</cpe>
     </suppress>
+    <suppress>
+       <notes><![CDATA[
+       false positive: org.apache.sling.jcr.api-2.0.4.jar only Sling API and Sling Commons Logging affected
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.apache\.sling/org\.apache\.sling\.jcr\.api@.*$</packageUrl>
+       <cve>CVE-2022-32549</cve>
+    </suppress>
+    
 </suppressions>
\ No newline at end of file