You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by br...@apache.org on 2022/10/18 16:20:09 UTC
[cassandra] branch cassandra-3.0 updated: Suppress CVE-2019-2684
This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-3.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/cassandra-3.0 by this push:
new 3d4e6944ef Suppress CVE-2019-2684
3d4e6944ef is described below
commit 3d4e6944ef11d96858507779b9280f5b9c198ffa
Author: Brandon Williams <br...@apache.org>
AuthorDate: Mon Oct 17 10:49:22 2022 -0500
Suppress CVE-2019-2684
Patch by brandonwilliams; reviewed by smiklosovic for CASSANDRA-17965
---
.build/dependency-check-suppressions.xml | 1 +
CHANGES.txt | 1 +
2 files changed, 2 insertions(+)
diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml
index e0fd8c3a55..11bc87a552 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -55,6 +55,7 @@
<!-- this was fixed in 3.0.22 -->
<suppress>
<packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl>
+ <cve>CVE-2019-2684</cve>
<cve>CVE-2020-13946</cve>
<cve>CVE-2020-17516</cve>
<cve>CVE-2021-44521</cve>
diff --git a/CHANGES.txt b/CHANGES.txt
index 14efe64814..7dd28c8a84 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0.28
+ * Suppress CVE-2019-2684 (CASSANDRA-17965)
* Fix auto-completing "WITH" when creating a materialized view (CASSANDRA-17879)
* Fix scrubber falling into infinite loop when the last partition is broken (CASSANDRA-17862)
* Improve libjemalloc resolution in bin/cassandra (CASSANDRA-15767)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org