Posted to commits@zookeeper.apache.org by eo...@apache.org on 2022/02/25 07:01:33 UTC

[zookeeper] branch branch-3.6 updated: ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch branch-3.6
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.6 by this push:
     new 5654657  ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
5654657 is described below

commit 565465724a0df518e26296c2f24ef2b12ee11dcc
Author: Enrico Olivelli <eo...@apache.org>
AuthorDate: Fri Feb 25 07:59:07 2022 +0100

    ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
    
    Author: Enrico Olivelli <eo...@apache.org>
    
    Reviewers: Mate Szalay-Beko <sy...@apache.org>
    
    Closes #1824 from eolivelli/ZOOKEEPER-4478-owasp
    
    (cherry picked from commit 3004c909b78b3056985c8e39925e14bde3baa430)
    Signed-off-by: Enrico Olivelli <eo...@apache.org>
    (cherry picked from commit 6189cba81dd7d53f580950b37ca95b4dd19c2a13)
---
 owaspSuppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index cf84366..1304839 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -63,4 +63,12 @@
            upgrade to log4j 2. See ZOOKEEPER-3817 -->
       <cve>CVE-2020-9488</cve>
    </suppress>
+ 
+   <suppress>
+      <!-- Seems like false positives about zookeeper-jute -->
+      <cve>CVE-2021-29425</cve>
+      <cve>CVE-2021-28164</cve>
+      <cve>CVE-2021-34429</cve>
+   </suppress>
+
 </suppressions>
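
Review bot: The new suppress block carries only the three cve elements and no artifact selector (packageUrl, gav, filePath or sha1), so it silences CVE-2021-29425, CVE-2021-28164 and CVE-2021-34429 for every dependency in the scan, not just the zookeeper-jute jar that the comment and commit title name. If any of these later matches a real third-party dependency, the report will stay clean. Suggest scoping the rule to the jute artifact, for example with a packageUrl regex="true" matcher on pkg:maven/org.apache.zookeeper/zookeeper-jute, and moving the rationale from the "Seems like false positives" comment into a notes element stating why each CVE does not apply to this jar.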