Posted to commits@cassandra.apache.org by br...@apache.org on 2022/10/18 15:39:21 UTC

[cassandra] branch cassandra-3.11 updated: Suppress CVE-2022-42003 and CVE-2022-42004

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-3.11
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/cassandra-3.11 by this push:
     new 2e6528542b Suppress CVE-2022-42003 and CVE-2022-42004
2e6528542b is described below

commit 2e6528542b21a5d79eeba6d22ddc2a289805f98c
Author: Brandon Williams <br...@apache.org>
AuthorDate: Mon Oct 17 10:12:08 2022 -0500

    Suppress CVE-2022-42003 and CVE-2022-42004
    
    Patch by brandonwilliams; reviewed by smiklosovic for CASSANDRA-17966
---
 .build/dependency-check-suppressions.xml | 8 ++++++++
 CHANGES.txt                              | 1 +
 2 files changed, 9 insertions(+)

diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml
index 28cbf593bd..bd6f90da62 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -81,4 +81,12 @@
         <cve>CVE-2018-11798</cve>
         <cve>CVE-2019-0205</cve>
     </suppress>
+
+    <!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 -->
+    <suppress>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
+        <cve>CVE-2022-42003</cve>
+        <cve>CVE-2022-42004</cve>
+    </suppress>
+
 </suppressions>
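Review bot: the `packageUrl` pattern in the new `<suppress>` entry ends in `@.*$`, so it matches every jackson-databind version, and CVE-2022-42003 and CVE-2022-42004 will stay hidden from the dependency check after any future change of the bundled version. Consider pinning the pattern to the version actually shipped on this branch, or giving the entry an expiry with the `until` attribute on `<suppress>`, so the suppression gets revisited. The XML comment only links CASSANDRA-17966; a `<notes>` element stating why the two CVEs are considered safe to suppress would let a reader audit the decision without leaving the file.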
diff --git a/CHANGES.txt b/CHANGES.txt
index 91b7d4c4fe..cbe38d02b3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.11.14
+ * Suppress CVE-2022-42003 and CVE-2022-42004 (CASSANDRA-17966)
  * Make LongBufferPoolTest insensitive to timing (CASSANDRA-16681)
  * Suppress CVE-2022-25857 and other snakeyaml CVEs (CASSANDRA-17907)
  * Fix potential IndexOutOfBoundsException in PagingState in mixed mode clusters (CASSANDRA-17840)
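Review bot: the added CHANGES.txt line does not name the dependency the CVEs belong to, unlike the entry two lines below it, which says "snakeyaml CVEs". Suggest "Suppress CVE-2022-42003 and CVE-2022-42004 in jackson-databind (CASSANDRA-17966)", so that someone reading the release notes can tell which component is involved and that the entry records a scanner suppression rather than a dependency upgrade.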

