Posted to commits@zookeeper.apache.org by an...@apache.org on 2019/01/03 15:33:01 UTC
[zookeeper] branch master updated: ZOOKEEPER-3217: owasp job
flagging slf4j on trunk
This is an automated email from the ASF dual-hosted git repository.
andor pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new 4a8fda7 ZOOKEEPER-3217: owasp job flagging slf4j on trunk
4a8fda7 is described below
commit 4a8fda7031d68236441b13bd878936b2607c5244
Author: Enrico Olivelli - Diennea <eo...@apache.org>
AuthorDate: Thu Jan 3 16:32:46 2019 +0100
ZOOKEEPER-3217: owasp job flagging slf4j on trunk
Disable OWASP checks about slf4j.
We are not using EventData, so ZooKeeper is not subject to https://nvd.nist.gov/vuln/detail/CVE-2018-8088
Author: Enrico Olivelli - Diennea <eo...@apache.org>
Author: Enrico Olivelli <eo...@apache.org>
Reviewers: phunt@apache.org, andor@apache.org
Closes #736 from eolivelli/fix/ZOOKEEPER-3217-owasp and squashes the following commits:
7dd4473a1 [Enrico Olivelli] Add missing license header
dc9bd75cd [Enrico Olivelli - Diennea] ZOOKEEPER-3217 owasp job flagging slf4j on trunk
---
build.xml | 1 +
owaspSuppressions.xml | 25 +++++++++++++++++++++++++
2 files changed, 26 insertions(+)
diff --git a/build.xml b/build.xml
index f8a0546..50bc94f 100644
--- a/build.xml
+++ b/build.xml
@@ -1705,6 +1705,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
reportoutputdirectory="${owasp.out.dir}"
reportformat="ALL"
failBuildOnCVSS="0">
+ <suppressionfile path="${basedir}/owaspSuppressions.xml" />
<fileset dir="${ivy.lib}">
<include name="**/*.jar"/>
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
new file mode 100644
index 0000000..0165b9a
--- /dev/null
+++ b/owaspSuppressions.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+ <suppress>
+ <!-- ZOOKEEPER-3217 -->
+ <cve>CVE-2018-8088</cve>
+ </suppress>
+</suppressions>
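Review bot: The `<suppress>` entry contains only `<cve>CVE-2018-8088</cve>`, so it silences that CVE for every jar in the scanned fileset rather than just slf4j. If the scanner ever attributes the CVE to another artifact, that finding would be hidden too. Scope the rule and record the justification in the file by adding `<notes>ZOOKEEPER-3217: EventData is not used</notes>` and `<gav regex="true">^org\.slf4j:.*$</gav>` ahead of the `<cve>` element. At present the reasoning lives only in the commit message, and the in-file comment names just the ticket. The "not using EventData" claim should be re-checked whenever the slf4j version or its usage changes, because the suppression will otherwise outlive the analysis behind it.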