You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/06/23 13:31:30 UTC

[myfaces-build-tools] branch master updated: feat: CVE suppression for Tobago 5

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git


The following commit(s) were added to refs/heads/master by this push:
     new 8429385  feat: CVE suppression for Tobago 5
8429385 is described below

commit 84293853c8bee994d05efba92fae85b24fc52e11
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Wed Jun 23 15:27:48 2021 +0200

    feat: CVE suppression for Tobago 5
    
    further dependencies, but only used at build time
    
    issue: TOBAGO-2084
---
 .../tobago/dependency-check-suppression-for-tobago-4.x.xml       | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
index 812717a..5cecbc7 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
@@ -1,7 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-              xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+              xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
+    <cve>CVE-2021-33813</cve>
+  </suppress>
   <suppress>
     <notes><![CDATA[ file name: xbean-asm6-shaded-4.5.jar ]]></notes>
     <gav regex="true">^org\.apache\.xbean:xbean-asm6-shaded:.*$</gav>