Posted to commits@pulsar.apache.org by zi...@apache.org on 2022/06/01 09:18:26 UTC

[pulsar] branch master updated: [fix][dependency] Add OWASP suppression for openstack-keystone-2.5.0 and openstack-swift-2.5.0 (#15829)

This is an automated email from the ASF dual-hosted git repository.

zike pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 488933dc539 [fix][dependency] Add OWASP suppression for openstack-keystone-2.5.0 and openstack-swift-2.5.0 (#15829)
488933dc539 is described below

commit 488933dc539f64f80331bd29902080737a7a7891
Author: Zike Yang <zi...@apache.org>
AuthorDate: Wed Jun 1 17:18:17 2022 +0800

    [fix][dependency] Add OWASP suppression for openstack-keystone-2.5.0 and openstack-swift-2.5.0 (#15829)
    
    ### Motivation
    
    Currently, there is a failure in the OWASP dependency check in the CI: https://github.com/apache/pulsar/runs/6648112388?check_suite_focus=true
    
    Suppressions for openstack-keystone and openstack-swift were previously added in https://github.com/apache/pulsar/pull/13926.
    
    The root cause is that the PR https://github.com/apache/pulsar/pull/15649 had updated the jcloud version but didn't update the version of openstack-keystone and openstack-swift included in jcloud in the file `owasp-dependency-check-suppressions.xml`.
    
    ### Modifications
    
    * Add OWASP suppression for openstack-keystone-2.5.0 and openstack-swift-2.5.0.
---
 src/owasp-dependency-check-suppressions.xml | 40 ++++++++++++-----------------
 1 file changed, 16 insertions(+), 24 deletions(-)

diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index a4c2c16e1c4..a4ad4ac5246 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -296,66 +296,58 @@
     <!-- jclouds/openswift misdetections -->
     <suppress>
         <notes><![CDATA[
-       file name: openstack-swift-2.4.0.jar
+       file name: openstack-swift-2.5.0.jar
        ]]></notes>
-        <sha1>3f8f54bbcb73608ac8b66f186a824b75065eb413</sha1>
+        <sha1>d99d0eab2e01d69d8a326fc152427fbd759af88a</sha1>
         <cve>CVE-2016-0738</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-swift-2.4.0.jar
+       file name: openstack-swift-2.5.0.jar
        ]]></notes>
-        <sha1>3f8f54bbcb73608ac8b66f186a824b75065eb413</sha1>
+        <sha1>d99d0eab2e01d69d8a326fc152427fbd759af88a</sha1>
         <cve>CVE-2017-16613</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-swift-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>3f8f54bbcb73608ac8b66f186a824b75065eb413</sha1>
-        <cve>CVE-2017-8761</cve>
-    </suppress>
-    
-    <suppress>
-        <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
-       ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2018-14432</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2018-20170</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2020-12689</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2020-12690</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2020-12691</cve>
     </suppress>
     <suppress>
         <notes><![CDATA[
-       file name: openstack-keystone-2.4.0.jar
+       file name: openstack-keystone-2.5.0.jar
        ]]></notes>
-        <sha1>4f47a6b485371d357827b6a517ba54d073dc7b8b</sha1>
+        <sha1>a7e89bd278fa8be9fa604dda66d1606de5530797</sha1>
         <cve>CVE-2020-12692</cve>
     </suppress>