You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/06/23 13:31:30 UTC
[myfaces-build-tools] branch master updated: feat: CVE suppression
for Tobago 5
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git
The following commit(s) were added to refs/heads/master by this push:
new 8429385 feat: CVE suppression for Tobago 5
8429385 is described below
commit 84293853c8bee994d05efba92fae85b24fc52e11
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Wed Jun 23 15:27:48 2021 +0200
feat: CVE suppression for Tobago 5
further dependencies, but only used at build time
issue: TOBAGO-2084
---
.../tobago/dependency-check-suppression-for-tobago-4.x.xml | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
index 812717a..5cecbc7 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-4.x.xml
@@ -1,7 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+ xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+ <suppress>
+ <notes><![CDATA[ file name: jdom2-2.0.6.jar ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
+ <cve>CVE-2021-33813</cve>
+ </suppress>
<suppress>
<notes><![CDATA[ file name: xbean-asm6-shaded-4.5.jar ]]></notes>
<gav regex="true">^org\.apache\.xbean:xbean-asm6-shaded:.*$</gav>