Posted to commits@jackrabbit.apache.org by kw...@apache.org on 2023/01/14 19:15:00 UTC

[jackrabbit-filevault] branch master updated: releng: ignore dependency-check false-positive

This is an automated email from the ASF dual-hosted git repository.

kwin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git


The following commit(s) were added to refs/heads/master by this push:
     new 139359d9 releng: ignore dependency-check false-positive
139359d9 is described below

commit 139359d9a7b01e0004703924f5c0ce86a2187db4
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Sat Jan 14 20:14:54 2023 +0100

    releng: ignore dependency-check false-positive
---
 suppressions.xml   | 21 +++++++++++++++++++++
 vault-diff/pom.xml | 11 +++++++++++
 2 files changed, 32 insertions(+)

diff --git a/suppressions.xml b/suppressions.xml
index 2fdd126b..b54582ed 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -57,4 +57,25 @@
        <packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
        <cve>CVE-2022-45868</cve>
     </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: diffutils-1.2.1.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/com\.googlecode\.java\-diff\-utils/diffutils@.*$</packageUrl>
+       <cve>CVE-2021-4277</cve>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: org.apache.felix.utils-1.11.8.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.apache\.felix/org\.apache\.felix\.utils@.*$</packageUrl>
+       <cve>CVE-2021-4277</cve>
+    </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: plexus-utils-3.3.0.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+       <cve>CVE-2021-4277</cve>
+    </suppress>
 </suppressions>
\ No newline at end of file
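Review bot: The `<notes>` on the second and third suppressions (the felix.utils and plexus-utils entries) repeat the CPE `cpe:2.3:a:utils_project:utils:1.2.1:*...` from the diffutils entry even though the jars named there are 1.11.8 and 3.3.0, which looks like a copy-paste; if the scanner actually reported a different CPE version for those jars, the notes should record it so the false-positive justification can be re-checked later. All three entries match every version of the artifact (`@.*$`) and carry no `until` attribute, so they never expire; since the suppression exists because the CPE identification is wrong rather than because the CVE does not apply to a given version, that is defensible, but it is worth saying so in the note, e.g. `any version: the utils_project:utils CPE is a name collision, not a version-specific assessment`. Consider suppressing the spurious identifier itself with `<cpe>cpe:/a:utils_project:utils</cpe>` in place of the `<cve>` line, which removes the root cause for these three artifacts so future CVEs filed against that CPE do not each need a new entry, while genuine CVEs against the real packages still surface.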
diff --git a/vault-diff/pom.xml b/vault-diff/pom.xml
index 2a2ddb90..674982ca 100644
--- a/vault-diff/pom.xml
+++ b/vault-diff/pom.xml
@@ -62,6 +62,17 @@
     <!-- B U I L D   D E F I N I T I O N                                        -->
     <!-- ====================================================================== -->
     <build>
+        <pluginManagement>
+            <plugins>
+                 <plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <configuration>
+                        <suppressionFile>${project.basedir}/../suppressions.xml</suppressionFile>
+                    </configuration>
+                 </plugin>
+            </plugins>
+        </pluginManagement>
         <plugins>
             <!-- exclude test resources from rat-check -->
             <plugin>
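Review bot: The `<plugin>` and `</plugin>` lines inside the new `<pluginManagement>` block are indented 17 spaces while every other nesting level in the hunk steps by 4 (`<plugins>` at 12, `<groupId>` at 20), so they should sit at 16 to match the file's convention. The `<suppressionFile>` value `${project.basedir}/../suppressions.xml` resolves relative to this module, which is correct inside the reactor; if the intent is "the root suppressions file", `${maven.multiModuleProjectDirectory}/suppressions.xml` states that directly and does not depend on the module's depth. The `<plugin>` entry gives no `<version>`, which is fine only if the parent POM manages it — that is outside this hunk, so it is an assumption to confirm. The enclosing `<build>` element continues past the end of the hunk.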