Posted to commits@druid.apache.org by ji...@apache.org on 2020/04/03 17:34:09 UTC

[druid] branch master updated: Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604)

This is an automated email from the ASF dual-hosted git repository.

jihoonson pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new b541996  Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604)
b541996 is described below

commit b5419962f0995daf0d4361a137f5f6c123fd9aa0
Author: Chi Cao Minh <ch...@imply.io>
AuthorDate: Fri Apr 3 10:33:52 2020 -0700

    Suppress CVEs for jackson-mapper-asl:1.9.13 (#9604)
    
    The jackson-mapper-asl:1.9.13 CVEs via curator-x-discovery are all
    suppressed for now as fixing them requires updating the curator version.
---
 owasp-dependency-check-suppressions.xml | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)

diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index ebeb371..a6433a1 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml
@@ -122,17 +122,8 @@
     <notes><![CDATA[
    file name: jackson-mapper-asl-1.9.13.jar
    ]]></notes>
-    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@.*$</packageUrl>
-    <cve>CVE-2017-7525</cve>
-    <cve>CVE-2017-15095</cve>
-    <cve>CVE-2017-17485</cve>
-    <cve>CVE-2018-5968</cve>
-    <cve>CVE-2018-7489</cve>
-    <cve>CVE-2018-14718</cve>
-    <cve>CVE-2019-10172</cve>
-    <cve>CVE-2019-14540</cve>
-    <cve>CVE-2019-16335</cve>
-    <cve>CVE-2019-17267</cve>
+    <packageUrl regex="true">^pkg:maven/org\.codehaus\.jackson/jackson\-mapper\-asl@1.9.13$</packageUrl>
+    <cvssBelow>10</cvssBelow>  <!-- suppress all CVEs for jackson-mapper-asl:1.9.13 ince it is via curator-x-discovery -->
   </suppress>
   <suppress>
     <!-- TODO: Fix by updating org.apache.druid.java.util.http.client.NettyHttpClient to use netty 4 -->
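
Review bot: the added `<cvssBelow>10</cvssBelow>` line replaces ten explicit `<cve>` entries with a blanket rule, so any CVE later reported against jackson-mapper-asl 1.9.13 with a score under 10 will be suppressed without anyone reviewing it. Since the commit message describes this as "for now", consider keeping the explicit `<cve>` list, or putting an `until` date on the enclosing `<suppress>` so the rule expires and the curator upgrade gets revisited. The comment also promises "all CVEs", which a below-10 threshold does not quite cover for a finding scored exactly 10. Two smaller points on the new lines: the version in the `packageUrl` regex is written `@1.9.13$` with unescaped dots while the rest of the pattern escapes `\.` and `\-`, so `@1\.9\.13$` would be consistent and exact; and the comment has a typo, "ince" for "since".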

