Posted to commits@zookeeper.apache.org by sy...@apache.org on 2022/02/14 08:02:24 UTC
[zookeeper] branch branch-3.6 updated: ZOOKEEPER-4469: Suppress OWASP false positives related to Netty TCNative
This is an automated email from the ASF dual-hosted git repository.
symat pushed a commit to branch branch-3.6
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/branch-3.6 by this push:
new 68c8e70 ZOOKEEPER-4469: Suppress OWASP false positives related to Netty TCNative
68c8e70 is described below
commit 68c8e706afcb13720e8e00bc0eb1a5c062896ecf
Author: Enrico Olivelli <eo...@apache.org>
AuthorDate: Mon Feb 14 07:50:43 2022 +0000
ZOOKEEPER-4469: Suppress OWASP false positives related to Netty TCNative
More context here:
https://issues.apache.org/jira/browse/ZOOKEEPER-4469
I am also updating the OWASP dependency check
Author: Enrico Olivelli <eo...@apache.org>
Reviewers: Norbert Kalmar <nk...@apache.org>, Mate Szalay-Beko <sy...@apache.org>
Closes #1817 from eolivelli/ZOOKEEPER-4469
(cherry picked from commit 428e6f92132e19390c81e19f67d5380451acdbe4)
---
owaspSuppressions.xml | 12 ++++++++++++
pom.xml | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 2565f0d..cf84366 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -34,6 +34,18 @@
<!-- https://github.com/jeremylong/DependencyCheck/issues/1653
False positive on Netty 4.x-->
<cve>CVE-2018-12056</cve>
+ <!-- other false positives related to Netty TCNative 4.x -->
+ <cve>CVE-2021-43797</cve>
+ <cve>CVE-2019-16869</cve>
+ <cve>CVE-2015-2156</cve>
+ <cve>CVE-2021-37136</cve>
+ <cve>CVE-2014-3488</cve>
+ <cve>CVE-2021-37137</cve>
+ <cve>CVE-2019-20445</cve>
+ <cve>CVE-2019-20444</cve>
+ <cve>CVE-2021-21295</cve>
+ <cve>CVE-2021-21409</cve>
+ <cve>CVE-2021-21290</cve>
</suppress>
<suppress>
<!-- Seems like false positive - we are not using Prometheus
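Review bot: the new `<cve>` entries are added inside an existing `<suppress>` element whose matcher (the `packageUrl`/`gav`/`cpe` filter) is outside this hunk, so the hunk alone cannot show that the suppression is limited to the netty-tcnative artifact. The CVE ids listed here are advisories against Netty core modules (HTTP codec, decompression codecs, SslHandler), which are genuine findings when matched against the io.netty codec and handler jars and false positives only when dependency-check mis-attributes them to netty-tcnative; if the enclosing `<suppress>` filter covers all io.netty artifacts, this change silently hides real findings should ZooKeeper's Netty version ever fall behind. Suggest confirming the filter is scoped to tcnative only, and extending the comment `<!-- other false positives related to Netty TCNative 4.x -->` with the tracking reference (ZOOKEEPER-4469) and the upstream DependencyCheck issue, as the preceding entry already does, so a later maintainer can tell when the suppression can be dropped.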
diff --git a/pom.xml b/pom.xml
index 84dc78f..2606c68 100755
--- a/pom.xml
+++ b/pom.xml
@@ -672,7 +672,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
- <version>5.3.0</version>
+ <version>6.5.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
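Review bot: the bump of `dependency-check-maven` from `5.3.0` to `6.5.3` is a major-version change of the scanner bundled into a commit whose subject only mentions suppressions, and the commit message describes it merely as "I am also updating the OWASP dependency check". Suggest stating in the commit body whether the new scanner version is what surfaced the CVE matches being suppressed in `owaspSuppressions.xml` (in which case the two changes belong together and the suppressions should be re-validated on the next plugin upgrade), or whether the bump is independent and would be cleaner as its own commit on branch-3.6.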