Posted to commits@bookkeeper.apache.org by eo...@apache.org on 2022/04/13 12:37:14 UTC

[bookkeeper] branch master updated: Fix master broken ci due to zookeeper CVE fp (#3204)

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new f7579fd13 Fix master broken ci due to zookeeper CVE fp (#3204)
f7579fd13 is described below

commit f7579fd13d62ce630ea26638e73f5884da505ec8
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Wed Apr 13 20:37:08 2022 +0800

    Fix master broken ci due to zookeeper CVE fp (#3204)
---
 pom.xml                                     |  2 +-
 src/owasp-dependency-check-suppressions.xml | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index b20224670..b2e6f9606 100644
--- a/pom.xml
+++ b/pom.xml
@@ -200,7 +200,7 @@
     <maven-shade-plugin.version>3.2.0</maven-shade-plugin.version>
     <maven-source-plugin.version>2.2.1</maven-source-plugin.version>
     <maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
-    <dependency-check-maven.version>6.1.6</dependency-check-maven.version>
+    <dependency-check-maven.version>7.0.4</dependency-check-maven.version>
     <nar-maven-plugin.version>3.5.2</nar-maven-plugin.version>
     <os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
     <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index cf0f6df62..082dfae03 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -117,6 +117,13 @@
     <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
     <cve>CVE-2021-28164</cve>
   </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: zookeeper-3.8.0.jar
+   ]]></notes>
+        <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
+        <cve>CVE-2021-28165</cve>
+    </suppress>
   <suppress>
     <notes><![CDATA[
    file name: zookeeper-3.8.0.jar
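Review bot: The added `<notes>` in this suppression records only the jar file name, so nothing in the file says why CVE-2021-28165 is treated as a false positive for zookeeper-3.8.0.jar; the same applies to the entries added in the next two hunks for zookeeper-jute-3.8.0.jar and zookeeper-3.8.0-tests.jar. The CVE appears to be filed against Jetty rather than ZooKeeper, so the likely cause is a CPE mismatch, and the note should say so, e.g. `file name: zookeeper-3.8.0.jar - false positive: CVE-2021-28165 is a Jetty advisory matched to this jar by CPE; see <triage issue link>`. Because the entry is pinned by `<sha1>`, it silences the finding for this artifact only, so it is worth confirming that any Jetty jars in the dependency tree are still scanned and reported under their own identifiers. An `until` attribute on `<suppress>` would also force a periodic re-review instead of leaving the suppression in place indefinitely.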
@@ -159,6 +166,13 @@
     <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
     <cve>CVE-2021-28164</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   file name: zookeeper-jute-3.8.0.jar
+   ]]></notes>
+    <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
+    <cve>CVE-2021-28165</cve>
+  </suppress>
   <suppress>
     <notes><![CDATA[
    file name: zookeeper-jute-3.8.0.jar
@@ -173,6 +187,13 @@
     <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
     <cve>CVE-2021-34429</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[
+   file name: zookeeper-3.8.0-tests.jar
+   ]]></notes>
+     <sha1>9b78a289a3aa34eb47fac8c432f664fc140387df</sha1>
+     <cve>CVE-2021-28165</cve>
+  </suppress>
 <!--    Netty false positive https://github.com/netty/netty-tcnative/issues/710 -->
     <suppress>
         <notes><![CDATA[
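Review bot: The `<sha1>` and `<cve>` lines of the added zookeeper-3.8.0-tests.jar entry are indented five spaces while its `<notes>` line and the surrounding entries use four, and the entry added in the first hunk is indented four and eight spaces where the file uses two and four. Aligning them keeps the suppression list easy to diff and makes duplicate or misplaced entries easier to spot during triage: `    <sha1>9b78a289a3aa34eb47fac8c432f664fc140387df</sha1>` and `    <cve>CVE-2021-28165</cve>`. The `<suppress>` element opened on the last context lines continues outside the hunk.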