Posted to commits@cassandra.apache.org by br...@apache.org on 2022/12/05 16:11:19 UTC

[cassandra] branch cassandra-3.0 updated: Suppress CVE-2022-41854 and similar

This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-3.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/cassandra-3.0 by this push:
     new 92019df4d8 Suppress CVE-2022-41854 and similar
92019df4d8 is described below

commit 92019df4d8540b384d7fb8655f7c02293f7f7ec1
Author: Brandon Williams <br...@apache.org>
AuthorDate: Wed Nov 30 09:44:25 2022 -0600

    Suppress CVE-2022-41854 and similar
    
    Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18083
---
 .build/dependency-check-suppressions.xml | 6 ++++++
 CHANGES.txt                              | 1 +
 2 files changed, 7 insertions(+)

diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml
index 11bc87a552..d9eea56920 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -23,6 +23,12 @@
     <suppress>
         <!--  https://issues.apache.org/jira/browse/CASSANDRA-16150 -->
         <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+        <cve>CVE-2022-38752</cve>
+        <cve>CVE-2022-38751</cve>
+        <cve>CVE-2022-38750</cve>
+        <cve>CVE-2022-41854</cve>
+        <cve>CVE-2022-25857</cve>
+        <cve>CVE-2022-38749</cve>
         <cve>CVE-2017-18640</cve>
     </suppress>
 
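Review bot: The six new `<cve>` entries in this `<suppress>` block have no recorded justification. The only comment in the block still points to CASSANDRA-16150, while this commit is tracked as CASSANDRA-18083. Add a comment next to the new entries that references CASSANDRA-18083 and states why these snakeyaml findings do not apply to this branch, so a later audit of the suppression file can verify the reasoning. Note also that the `packageUrl` pattern `^pkg:maven/org\.yaml/snakeyaml@.*$` matches every snakeyaml version, so these suppressions will keep hiding the findings after any future dependency change. Consider narrowing the version in the regex or setting an expiry with the `until` attribute on `<suppress>` so the suppression is re-evaluated.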
diff --git a/CHANGES.txt b/CHANGES.txt
index 95931e0485..296d41f2b2 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.29
+ * Suppress CVE-2022-41854 and similar (CASSANDRA-18083)
  * Fix running Ant rat targets without git (CASSANDRA-17974)
  * Fix intermittent failure in nodetool toppartitions (CASSANDRA-17254)
 
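Review bot: The added CHANGES.txt line " * Suppress CVE-2022-41854 and similar (CASSANDRA-18083)" does not say which dependency is affected or that six CVE ids are being suppressed. A reader of the release notes cannot tell from "and similar" what was silenced in the scanner. Suggest naming snakeyaml in the entry, for example "Suppress snakeyaml CVEs in dependency check (CASSANDRA-18083)", and leaving the full id list to the suppression file.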

