You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@myfaces.apache.org by lo...@apache.org on 2022/12/09 12:53:57 UTC

[myfaces-build-tools] branch main updated: fix: commons net false positive

This is an automated email from the ASF dual-hosted git repository.

lofwyr pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new 50954a4e fix: commons net false positive
50954a4e is described below

commit 50954a4eb73937214c3892b675997d82041b772e
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Fri Dec 9 13:53:45 2022 +0100

    fix: commons net false positive
---
 .../resources/tobago/dependency-check-suppression-for-tobago-2.x.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
index 5394a882..5a5f3661 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
@@ -90,4 +90,9 @@
     <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-.*@.*$</packageUrl>
     <cve>CVE-2021-42550</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[ file name: commons-*.jar ]]></notes>
+    <packageUrl regex="true">^pkg:maven/.*/.*@.*$</packageUrl>
+    <cve>CVE-2021-37533</cve>
+  </suppress>
 </suppressions>