Posted to commits@druid.apache.org by su...@apache.org on 2022/04/21 15:48:36 UTC
[druid] branch master updated: Suppress CVE 2022 26612 (#12463)
This is an automated email from the ASF dual-hosted git repository.
suneet pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/master by this push:
new 65d00c705c Suppress CVE 2022 26612 (#12463)
65d00c705c is described below
commit 65d00c705cc56185c6dd9678f860b3d0415caba6
Author: Tejaswini Bandlamudi <96...@users.noreply.github.com>
AuthorDate: Thu Apr 21 21:18:20 2022 +0530
Suppress CVE 2022 26612 (#12463)
* suppress CVE-2022-26612
* adding packageUrl
* suppressing CVE-2022-26612
* adding packageUrl
* moving to hadoop section
---
owasp-dependency-check-suppressions.xml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index abc05abead..5abf35737f 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -320,12 +320,14 @@
<cve>CVE-2018-8029</cve>
</suppress>
<suppress>
+ <!-- Suppress cves that aren't applicable to hadoop client -->
<notes><![CDATA[
file name: hadoop-*-2.8.5.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.hadoop/hadoop\-.*@.*$</packageUrl>
<cve>CVE-2018-11765</cve>
<cve>CVE-2020-9492</cve>
+ <cve>CVE-2022-26612</cve>
</suppress>
<suppress>
<notes><![CDATA[
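Review bot: The new `<cve>CVE-2022-26612</cve>` entry carries no recorded reason for being a false positive. The added comment says only that the CVEs "aren't applicable to hadoop client", which gives a later auditor nothing to re-check. Please state in the `<notes>` block why this specific CVE does not affect how Druid uses the Hadoop client. Note also that the existing `<packageUrl regex="true">^pkg:maven/org\.apache\.hadoop/hadoop\-.*@.*$</packageUrl>` matches every `hadoop-*` artifact at any version, while the notes name only `hadoop-*-2.8.5.jar`, so this suppression will keep hiding the finding after a Hadoop upgrade or if a non-client Hadoop artifact is pulled in. Consider pinning the version in the regex or setting an `until` date on the `<suppress>` element so the entry is revisited. The free-standing comment would also read better inside `<notes>`, where the other entries in this file keep their explanations.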
@@ -479,4 +481,5 @@
<packageUrl regex="true">^pkg:maven/org\.asynchttpclient/async-http-client-netty-utils@2.5.3$</packageUrl>
<cve>CVE-2021-43138</cve>
</suppress>
+
</suppressions>
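Review bot: The only change in this hunk is a blank line added before `</suppressions>`, which is unrelated to the CVE suppression. Please drop it so the commit touches only the Hadoop entry and the diff stays minimal for anyone auditing changes to the suppression list.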