Posted to commits@druid.apache.org by GitBox <gi...@apache.org> on 2022/09/23 10:53:10 UTC

[GitHub] [druid] abhishekagarwal87 commented on a diff in pull request #13119: Suppress Calcite CVE

abhishekagarwal87 commented on code in PR #13119:
URL: https://github.com/apache/druid/pull/13119#discussion_r978509295


##########
owasp-dependency-check-suppressions.xml:
##########
@@ -632,4 +632,26 @@
     <cve>CVE-2022-31197</cve>
   </suppress>
 
+  <suppress>
+    <!-- avatica-server-1.17.0.jar -->
+    <notes><![CDATA[
+   file name: avatica-server-1.17.0.jar
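
Review bot: the new `<suppress>` entry, as far as this hunk shows it, documents only the jar name (`<!-- avatica-server-1.17.0.jar -->` and `file name: avatica-server-1.17.0.jar` in `<notes>`) and gives no reason for the suppression. Consider stating in `<notes>` why the finding is acceptable for Druid or which dependency upgrade it is waiting on, and adding an `until` date on `<suppress>` so the entry expires and gets re-reviewed instead of staying in the file indefinitely.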

Review Comment:
   The failure is being reported for `avatica-server` as well.
   ```
   [ERROR] ----------------------------------------------------
   [ERROR] .NET Assembly Analyzer could not be initialized and at least one 'exe' or 'dll' was scanned. The 'dotnet' executable could not be found on the path; either disable the Assembly Analyzer or add the path to dotnet core in the configuration.
   [ERROR] ----------------------------------------------------
   [ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.0.4:aggregate (default-cli) on project druid: 
   [ERROR] 
   [ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0': 
   [ERROR] 
   [ERROR] avatica-server-1.17.0.jar: CVE-2022-39135(9.8)
   [ERROR] calcite-core-1.21.0.jar: CVE-2022-39135(9.8)
   [ERROR] 
   [ERROR] See the dependency-check report for more details.
   [ERROR] -> [Help 1]
   [ERROR] 
   [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
   [ERROR] Re-run Maven using the -X switch to enable full debug logging.
   [ERROR] 
   [ERROR] For more information about the errors and possible solutions, please read the following articles:
   [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

