You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by ji...@apache.org on 2022/09/20 07:04:30 UTC
[pulsar] 02/02: [cleanup][owasp] Supress false positive netty-tcnative (#17282)
This is an automated email from the ASF dual-hosted git repository.
jianghaiting pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d2793e4618de06ac0d3a670e28d16d0beb045248
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Mon Aug 29 08:45:25 2022 +0200
[cleanup][owasp] Supress false positive netty-tcnative (#17282)
(cherry picked from commit 409bb128102308da188f28b49adf7da8bb58ea2a)
---
src/owasp-dependency-check-false-positives.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index dc14e83c685..213bf94371d 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -54,6 +54,13 @@
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: netty-tcnative-boringssl-static-2.0.52.Final-osx-aarch_64.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-boringssl\-static@.*$</packageUrl>
+ <cpe>cpe:/a:chromium_project:chromium</cpe>
+ </suppress>
<!-- CVE-2021-23214 is about PostGre server -->
<suppress>