You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by eo...@apache.org on 2022/08/29 06:45:33 UTC
[pulsar] branch master updated: [cleanup][owasp] Supress false positive netty-tcnative (#17282)
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 409bb128102 [cleanup][owasp] Supress false positive netty-tcnative (#17282)
409bb128102 is described below
commit 409bb128102308da188f28b49adf7da8bb58ea2a
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Mon Aug 29 08:45:25 2022 +0200
[cleanup][owasp] Supress false positive netty-tcnative (#17282)
---
src/owasp-dependency-check-false-positives.xml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index 54b703f0108..e69afb31a68 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -54,6 +54,13 @@
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: netty-tcnative-boringssl-static-2.0.52.Final-osx-aarch_64.jar
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-boringssl\-static@.*$</packageUrl>
+ <cpe>cpe:/a:chromium_project:chromium</cpe>
+ </suppress>
<suppress>
<!-- Zookkeeper false positive about Jetty and commons-io-->
<!-- https://github.com/apache/zookeeper/pull/1824-->