Posted to commits@jackrabbit.apache.org by kw...@apache.org on 2023/01/14 19:15:00 UTC
[jackrabbit-filevault] branch master updated: releng: ignore dependency-check false-positive
This is an automated email from the ASF dual-hosted git repository.
kwin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jackrabbit-filevault.git
The following commit(s) were added to refs/heads/master by this push:
new 139359d9 releng: ignore dependency-check false-positive
139359d9 is described below
commit 139359d9a7b01e0004703924f5c0ce86a2187db4
Author: Konrad Windszus <kw...@apache.org>
AuthorDate: Sat Jan 14 20:14:54 2023 +0100
releng: ignore dependency-check false-positive
---
suppressions.xml | 21 +++++++++++++++++++++
vault-diff/pom.xml | 11 +++++++++++
2 files changed, 32 insertions(+)
diff --git a/suppressions.xml b/suppressions.xml
index 2fdd126b..b54582ed 100644
--- a/suppressions.xml
+++ b/suppressions.xml
@@ -57,4 +57,25 @@
<packageUrl regex="true">^pkg:maven/com\.h2database/h2@.*$</packageUrl>
<cve>CVE-2022-45868</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: diffutils-1.2.1.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.googlecode\.java\-diff\-utils/diffutils@.*$</packageUrl>
+ <cve>CVE-2021-4277</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: org.apache.felix.utils-1.11.8.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.apache\.felix/org\.apache\.felix\.utils@.*$</packageUrl>
+ <cve>CVE-2021-4277</cve>
+ </suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: plexus-utils-3.3.0.jar, wrong match for pattern cpe:2.3:a:utils_project:utils:1.2.1:*:*:*:*:*:*:*
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
+ <cve>CVE-2021-4277</cve>
+ </suppress>
</suppressions>
\ No newline at end of file
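Review bot: The `<notes>` of the second and third added entries cite `cpe:2.3:a:utils_project:utils:1.2.1`, although the jars they name are `org.apache.felix.utils-1.11.8.jar` and `plexus-utils-3.3.0.jar`. The version looks copied from the diffutils entry, and quoting the CPE exactly as the report printed it for each jar would keep the justification auditable. All three entries suppress one `<cve>` for every version (`@.*`), so the wrong CPE identification itself stays in place, and any later CVE filed against `utils_project:utils` would flag the same jars again. If the mis-identification is the root cause, a CPE-scoped entry such as `<cpe>cpe:/a:utils_project:utils</cpe>` per package may be the more durable form; check that against the report output first.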
diff --git a/vault-diff/pom.xml b/vault-diff/pom.xml
index 2a2ddb90..674982ca 100644
--- a/vault-diff/pom.xml
+++ b/vault-diff/pom.xml
@@ -62,6 +62,17 @@
<!-- B U I L D D E F I N I T I O N -->
<!-- ====================================================================== -->
<build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <configuration>
+ <suppressionFile>${project.basedir}/../suppressions.xml</suppressionFile>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
<plugins>
<!-- exclude test resources from rat-check -->
<plugin>
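Review bot: The `${project.basedir}/../suppressions.xml` value in the added `pluginManagement` entry hard-codes that vault-diff sits exactly one directory below the suppression file, and the hunk does not say why this module needs its own override. A comment above the `<plugin>` would document it, e.g. `<!-- suppressions.xml lives in the reactor root; point dependency-check at it when this module is built on its own -->` (this assumes that is the reason; confirm against the parent pom). If the module is ever moved or nested deeper, the path stops resolving and the false-positive suppressions no longer apply here, so a property defined once in the parent would be less fragile. The `<build>` element continues beyond the end of the hunk.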