Posted to commits@bookkeeper.apache.org by eo...@apache.org on 2022/04/13 12:37:14 UTC
[bookkeeper] branch master updated: Fix master broken ci due to zookeeper CVE fp (#3204)
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new f7579fd13 Fix master broken ci due to zookeeper CVE fp (#3204)
f7579fd13 is described below
commit f7579fd13d62ce630ea26638e73f5884da505ec8
Author: ZhangJian He <sh...@gmail.com>
AuthorDate: Wed Apr 13 20:37:08 2022 +0800
Fix master broken ci due to zookeeper CVE fp (#3204)
---
pom.xml | 2 +-
src/owasp-dependency-check-suppressions.xml | 21 +++++++++++++++++++++
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index b20224670..b2e6f9606 100644
--- a/pom.xml
+++ b/pom.xml
@@ -200,7 +200,7 @@
<maven-shade-plugin.version>3.2.0</maven-shade-plugin.version>
<maven-source-plugin.version>2.2.1</maven-source-plugin.version>
<maven-surefire-plugin.version>3.0.0-M5</maven-surefire-plugin.version>
- <dependency-check-maven.version>6.1.6</dependency-check-maven.version>
+ <dependency-check-maven.version>7.0.4</dependency-check-maven.version>
<nar-maven-plugin.version>3.5.2</nar-maven-plugin.version>
<os-maven-plugin.version>1.4.1.Final</os-maven-plugin.version>
<protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index cf0f6df62..082dfae03 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -117,6 +117,13 @@
<sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
<cve>CVE-2021-28164</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: zookeeper-3.8.0.jar
+ ]]></notes>
+ <sha1>e395c1d8a71557b7569cc6a83487b2e30e2e58fe</sha1>
+ <cve>CVE-2021-28165</cve>
+ </suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-3.8.0.jar
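Review bot: The added `<suppress>` entry here, and the two matching ones in the hunks at -159 and -173, record only the jar file name in `<notes>`, so nothing in the file explains why CVE-2021-28165 is treated as a false positive for these ZooKeeper artifacts. As far as I know this CVE is filed against Eclipse Jetty, so the rationale is presumably a CPE misattribution to the ZooKeeper jars, but that is inferred and the file should state it. I would add a comment above each entry in the style of the Netty one further down, e.g. `<!-- ZooKeeper false positive for CVE-2021-28165: REASON, see TRACKING-ISSUE-URL -->`, and confirm separately that the Jetty version actually on the classpath is not affected. Pinning by `<sha1>` is a good scope, since the suppression stops matching once the jar changes. The neighbouring `<suppress>` blocks begin and end outside the hunks.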
@@ -159,6 +166,13 @@
<sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
<cve>CVE-2021-28164</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: zookeeper-jute-3.8.0.jar
+ ]]></notes>
+ <sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
+ <cve>CVE-2021-28165</cve>
+ </suppress>
<suppress>
<notes><![CDATA[
file name: zookeeper-jute-3.8.0.jar
@@ -173,6 +187,13 @@
<sha1>6560f966bcf1aa78d27bcfa75fb6c4463a72c6c5</sha1>
<cve>CVE-2021-34429</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: zookeeper-3.8.0-tests.jar
+ ]]></notes>
+ <sha1>9b78a289a3aa34eb47fac8c432f664fc140387df</sha1>
+ <cve>CVE-2021-28165</cve>
+ </suppress>
<!-- Netty false positive https://github.com/netty/netty-tcnative/issues/710 -->
<suppress>
<notes><![CDATA[