Posted to commits@druid.apache.org by cw...@apache.org on 2021/05/07 08:22:34 UTC

[druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)

This is an automated email from the ASF dual-hosted git repository.

cwylie pushed a commit to branch 0.21.1
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/0.21.1 by this push:
     new db67938  Suppressing false positive CVE-2020-7791 (#11215) (#11217)
db67938 is described below

commit db679380a0ef14160e5bfcb335eff74b4e7b99ae
Author: Clint Wylie <cw...@apache.org>
AuthorDate: Fri May 7 01:22:20 2021 -0700

    Suppressing false positive CVE-2020-7791 (#11215) (#11217)
    
    * suppressing false positive CVE-2020-7791
    
    * add comments
    
    Co-authored-by: Maytas Monsereenusorn <ma...@apache.org>
---
 owasp-dependency-check-suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 30147fb..5326442 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -158,6 +158,14 @@
     <cve>CVE-2019-17195</cve>
   </suppress>
   <suppress>
+    <!-- This CVE is a false positive. The CVE is not for apacheds-i18n -->
+    <notes><![CDATA[
+   file name: apacheds-i18n-2.0.0-M15.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.apache\.directory\.server/apacheds\-i18n@.*$</packageUrl>
+    <cve>CVE-2020-7791</cve>
+  </suppress>
+  <suppress>
       <!-- TODO: Fix by using com.datastax.oss:java-driver-core instead of com.netflix.astyanax:astyanax in extensions-contrib/cassandra-storage -->
       <notes><![CDATA[
    file name: libthrift-0.6.1.jar
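Review bot: The added `<packageUrl regex="true">` ends in `@.*$`, so CVE-2020-7791 is suppressed for every version of apacheds-i18n, while the `<notes>` name only apacheds-i18n-2.0.0-M15.jar. If the finding is a name-match false positive, the wide match is defensible, but the comment should say so explicitly. "The CVE is not for apacheds-i18n" does not name the component the CVE actually applies to, so a later reader cannot re-verify the suppression without redoing the research. Please extend the comment with the affected package and a one-line reason the scanner matched this jar. Minor style point: the new comment and `<notes>` body are indented differently from the neighbouring libthrift entry (4 and 3 spaces versus 6 and 4); aligning them would keep the file consistent.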
