Posted to commits@druid.apache.org by cw...@apache.org on 2020/01/15 08:56:21 UTC

[druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)

This is an automated email from the ASF dual-hosted git repository.

cwylie pushed a commit to branch 0.17.0
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/0.17.0 by this push:
     new 47fd6da  Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)
47fd6da is described below

commit 47fd6da30c670e4dd7f136e6c549cc751461dcb4
Author: Chi Cao Minh <ch...@imply.io>
AuthorDate: Wed Jan 15 00:56:06 2020 -0800

    Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)
    
    CVE-2019-20330 was updated on 14 Jan 2020, which now gets flagged by the
    security vulnerability scan. Since the CVE is for jackson-databind, via
    htrace-core-4.0.1, it can be added to the existing list of security
    vulnerability suppressions for that dependency.
---
 owasp-dependency-check-suppressions.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index cf88f39..22ab0ec 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -194,5 +194,6 @@
     <cve>CVE-2019-16943</cve>
     <cve>CVE-2019-17267</cve>
     <cve>CVE-2019-17531</cve>
+    <cve>CVE-2019-20330</cve>
   </suppress>
 </suppressions>
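Review bot: The added `<cve>CVE-2019-20330</cve>` line comes with no recorded reason why the finding is safe to ignore. The commit message says only that the scan now flags it and that it reaches Druid through jackson-databind via htrace-core-4.0.1. The block already suppresses CVE-2019-16943, CVE-2019-17267 and CVE-2019-17531, so each addition of this kind widens a blanket exemption for that dependency. The opening of the enclosing `<suppress>` is outside the visible context, so please confirm its `<notes>` state why the jackson-databind code path in htrace-core is not reachable with untrusted input, and update them to cover this CVE. Consider also setting an `until` date on the `<suppress>` so the entry is re-evaluated instead of persisting silently, and linking a tracking issue for replacing or upgrading htrace-core.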

