You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by lo...@apache.org on 2021/01/08 13:29:42 UTC
[myfaces-build-tools] branch master updated: Suppress false
positive log4j-over-slf4j (there is no SMTP)
This is an automated email from the ASF dual-hosted git repository.
lofwyr pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/myfaces-build-tools.git
The following commit(s) were added to refs/heads/master by this push:
new 8aee4fd Suppress false positive log4j-over-slf4j (there is no SMTP)
8aee4fd is described below
commit 8aee4fdf137505aa4630e871ae8e73d57ce074e1
Author: Udo Schnurpfeil <ud...@irian.eu>
AuthorDate: Fri Jan 8 14:29:29 2021 +0100
Suppress false positive log4j-over-slf4j (there is no SMTP)
---
.../resources/tobago/dependency-check-suppression-for-tobago-2.x.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
index 1640ca4..469911b 100644
--- a/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
+++ b/other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.x.xml
@@ -58,4 +58,9 @@
<gav regex="true">^org\.apache\.xmlgraphics:batik-.*:.*$</gav>
<cve>CVE-2018-8013</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[ file name: log4j-over-slf4j-1.7.30.jar ]]></notes>
+ <gav regex="true">^org\.slf4j/log4j\-over\-slf4j.*$</gav>
+ <cve>CVE-2020-9488</cve>
+ </suppress>
</suppressions>