You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@druid.apache.org by gi...@apache.org on 2021/12/10 09:25:05 UTC

[druid] 02/03: Suppress jedis CVE; no worse than 0.22.0.

This is an automated email from the ASF dual-hosted git repository.

gian pushed a commit to branch 0.22.1
in repository https://gitbox.apache.org/repos/asf/druid.git

commit 5d1e705b6e7cdf9225345838a7bfedf58ea67a2c
Author: Gian Merlino <gi...@imply.io>
AuthorDate: Fri Dec 10 01:02:26 2021 -0800

    Suppress jedis CVE; no worse than 0.22.0.
---
 owasp-dependency-check-suppressions.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index fac43ab..7ecfac0 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -402,4 +402,12 @@
      -->
     <cve>CVE-2021-40531</cve>
   </suppress>
+  <suppress>
+    <!-- Suppressed for 0.22.1 only -->
+    <notes><![CDATA[
+   file name: jedis
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/redis\.clients/jedis@2\.9\.0$</packageUrl>
+    <cve>CVE-2021-32626</cve>
+  </suppress>
 </suppressions>

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org