You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by jo...@apache.org on 2020/10/08 08:23:46 UTC
[druid] branch 0.20.0 updated: Suppress CVE-2018-11765 for hadoop
dependencies (#10485) (#10492)
This is an automated email from the ASF dual-hosted git repository.
jonwei pushed a commit to branch 0.20.0
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.20.0 by this push:
new 9a2a9ac Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)
9a2a9ac is described below
commit 9a2a9acb7d34b81feb98b5b4499a4a36f640bdc1
Author: Jonathan Wei <jo...@users.noreply.github.com>
AuthorDate: Thu Oct 8 01:23:25 2020 -0700
Suppress CVE-2018-11765 for hadoop dependencies (#10485) (#10492)
---
owasp-dependency-check-suppressions.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 998e5c6..6a532ef 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -281,4 +281,11 @@
<cve>CVE-2018-8009</cve>
<cve>CVE-2018-8029</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: hadoop-*-2.8.5.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.hadoop/hadoop\-.*@.*$</packageUrl>
+ <cve>CVE-2018-11765</cve>
+ </suppress>
</suppressions>
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org