Posted to commits@knox.apache.org by kr...@apache.org on 2018/12/21 03:22:39 UTC
[knox] branch master updated: OWASP false positives
This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/master by this push:
new 89fcabe OWASP false positives
89fcabe is described below
commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
Author: Kevin Risden <kr...@apache.org>
AuthorDate: Thu Dec 20 22:21:59 2018 -0500
OWASP false positives
Signed-off-by: Kevin Risden <kr...@apache.org>
---
.../resources/build-tools/dependency-check/suppressions.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
index ed557c9..5074ddd 100644
--- a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
+++ b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
@@ -32,6 +32,12 @@ limitations under the License.
<cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
</suppress>
<suppress>
+ <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
+ <gav regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
+ <cpe>cpe:/a:apache:apache_http_server</cpe>
+ <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
+ </suppress>
+ <suppress>
<notes><![CDATA[file name: gateway-.*.jar]]></notes>
<gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
<cpe>cpe:/a:apache:ambari</cpe>
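Review bot: the notes on the added apacheds entry give only the file name pattern and do not say why the two suppressed CPEs (cpe:/a:apache:apache_http_server and cpe:/a:net-ldap_project:net-ldap) are wrong matches for org.apache.directory.server artifacts. Because the entry suppresses by CPE rather than by individual CVE, every finding reported under those two identifiers is silenced for all apacheds-* versions, so the reason should be written down next to it, as the neighbouring CVE-2015-3250 entry does with its inline comment. A minor style point: the gav pattern ends in apacheds-.*$ while the gateway entry below spells out the version part as gateway-.*:.*$; both match, but using one form would make the file easier to audit.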
@@ -94,6 +100,11 @@ limitations under the License.
<cpe>cpe:/a:openid:openid</cpe>
</suppress>
<suppress>
+ <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
+ <gav regex="true">^org\.slf4j:.*$</gav>
+ <cve>CVE-2018-8088</cve>
+ </suppress>
+ <suppress>
<notes><![CDATA[file name: xz-.*.jar]]></notes>
<gav regex="true">^org\.tukaani:xz:.*$</gav>
<cve>CVE-2015-4035</cve>
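Review bot: the gav pattern ^org\.slf4j:.*$ on the added slf4j entry matches every org.slf4j artifact, slf4j-ext included, while the notes justify the suppression by slf4j-ext and EventData not being used. If slf4j-ext is later pulled in, directly or transitively, CVE-2018-8088 stays suppressed for it and the scan will not flag the change. Consider narrowing the pattern to the slf4j artifacts that are actually on the classpath, or state in the notes that the entry has to be revisited if slf4j-ext becomes a dependency. This entry is also a "not applicable because unused" decision rather than a misidentified component, which the commit subject "OWASP false positives" does not distinguish; a word in the notes would keep the two kinds of suppression apart.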
Re: [knox] branch master updated: OWASP false positives
Posted by Kevin Risden <kr...@apache.org>.
Ah nice :) Thanks!
Kevin Risden
On Fri, Dec 21, 2018 at 7:07 AM Colm O hEigeartaigh <co...@apache.org> wrote:
>
> FYI I've already raised most of these here:
> https://github.com/jeremylong/DependencyCheck/issues
>
> Colm.
>
> On Fri, Dec 21, 2018 at 3:22 AM <kr...@apache.org> wrote:
>
> > This is an automated email from the ASF dual-hosted git repository.
> >
> > krisden pushed a commit to branch master
> > in repository https://gitbox.apache.org/repos/asf/knox.git
> >
> >
> > The following commit(s) were added to refs/heads/master by this push:
> > new 89fcabe OWASP false positives
> > 89fcabe is described below
> >
> > commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> > Author: Kevin Risden <kr...@apache.org>
> > AuthorDate: Thu Dec 20 22:21:59 2018 -0500
> >
> > OWASP false positives
> >
> > Signed-off-by: Kevin Risden <kr...@apache.org>
> > ---
> > .../resources/build-tools/dependency-check/suppressions.xml | 11
> > +++++++++++
> > 1 file changed, 11 insertions(+)
> >
> > diff --git
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > index ed557c9..5074ddd 100644
> > ---
> > a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > +++
> > b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> > @@ -32,6 +32,12 @@ limitations under the License.
> > <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
> > </suppress>
> > <suppress>
> > + <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> > + <gav
> > regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> > + <cpe>cpe:/a:apache:apache_http_server</cpe>
> > + <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> > + </suppress>
> > + <suppress>
> > <notes><![CDATA[file name: gateway-.*.jar]]></notes>
> > <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
> > <cpe>cpe:/a:apache:ambari</cpe>
> > @@ -94,6 +100,11 @@ limitations under the License.
> > <cpe>cpe:/a:openid:openid</cpe>
> > </suppress>
> > <suppress>
> > + <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> > + <gav regex="true">^org\.slf4j:.*$</gav>
> > + <cve>CVE-2018-8088</cve>
> > + </suppress>
> > + <suppress>
> > <notes><![CDATA[file name: xz-.*.jar]]></notes>
> > <gav regex="true">^org\.tukaani:xz:.*$</gav>
> > <cve>CVE-2015-4035</cve>
> >
> >
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
Re: [knox] branch master updated: OWASP false positives
Posted by Colm O hEigeartaigh <co...@apache.org>.
FYI I've already raised most of these here:
https://github.com/jeremylong/DependencyCheck/issues
Colm.
On Fri, Dec 21, 2018 at 3:22 AM <kr...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> krisden pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/knox.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
> new 89fcabe OWASP false positives
> 89fcabe is described below
>
> commit 89fcabec45c2a80fa2f352a638a8b0110a2eaf92
> Author: Kevin Risden <kr...@apache.org>
> AuthorDate: Thu Dec 20 22:21:59 2018 -0500
>
> OWASP false positives
>
> Signed-off-by: Kevin Risden <kr...@apache.org>
> ---
> .../resources/build-tools/dependency-check/suppressions.xml | 11
> +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> index ed557c9..5074ddd 100644
> ---
> a/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> +++
> b/build-tools/src/main/resources/build-tools/dependency-check/suppressions.xml
> @@ -32,6 +32,12 @@ limitations under the License.
> <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 -->
> </suppress>
> <suppress>
> + <notes><![CDATA[file name: apacheds-.*.jar]]></notes>
> + <gav
> regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav>
> + <cpe>cpe:/a:apache:apache_http_server</cpe>
> + <cpe>cpe:/a:net-ldap_project:net-ldap</cpe>
> + </suppress>
> + <suppress>
> <notes><![CDATA[file name: gateway-.*.jar]]></notes>
> <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav>
> <cpe>cpe:/a:apache:ambari</cpe>
> @@ -94,6 +100,11 @@ limitations under the License.
> <cpe>cpe:/a:openid:openid</cpe>
> </suppress>
> <suppress>
> + <notes><![CDATA[slf4j-ext and EventData not used]]></notes>
> + <gav regex="true">^org\.slf4j:.*$</gav>
> + <cve>CVE-2018-8088</cve>
> + </suppress>
> + <suppress>
> <notes><![CDATA[file name: xz-.*.jar]]></notes>
> <gav regex="true">^org\.tukaani:xz:.*$</gav>
> <cve>CVE-2015-4035</cve>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com