Posted to commits@pulsar.apache.org by ni...@apache.org on 2022/05/13 15:56:26 UTC
[pulsar] 02/06: [owasp] suppress debezium-connector-postgres CVE-2021-23214 false positive (#14802)
This is an automated email from the ASF dual-hosted git repository.
nicoloboschi pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit de9c718c6d36a39f77de69ef3dc03fd41c5db489
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Mon Mar 28 18:16:38 2022 +0200
[owasp] suppress debezium-connector-postgres CVE-2021-23214 false positive (#14802)
Let's get this in and unblock flaky tests
(cherry picked from commit d03e2d32064d2d52b437c7700078f4a7a4dca2e7)
---
.github/workflows/ci-owasp-dep-check.yaml | 2 ++
src/owasp-dependency-check-false-positives.xml | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/.github/workflows/ci-owasp-dep-check.yaml b/.github/workflows/ci-owasp-dep-check.yaml
index 150156b30ec..bcce2b78368 100644
--- a/.github/workflows/ci-owasp-dep-check.yaml
+++ b/.github/workflows/ci-owasp-dep-check.yaml
@@ -51,6 +51,8 @@ jobs:
poms:
- 'pom.xml'
- '**/pom.xml'
+ - 'src/owasp-dependency-check-false-positives.xml'
+ - 'src/owasp-dependency-check-suppressions.xml'
- name: Cache local Maven repository
if: ${{ steps.changes.outputs.poms == 'true' }}
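Review bot: The filter key `poms` now also matches the two OWASP suppression files, so its name no longer describes what gates the scan, and nothing at the two added lines says why they are there. A short comment above them would help, e.g. `# suppression files change the scan result, so edits to them must re-run the check`. Re-running the check on suppression edits is the right call, since a new suppression should be exercised by the scan it affects. The steps gated by `steps.changes.outputs.poms` continue outside this hunk, so whether a scheduled run also covers CVEs published against unchanged dependencies cannot be confirmed from here.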
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index 7b945a2bbc9..191f9d6b02f 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -59,4 +59,13 @@
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
<cpe>cpe:/a:netty:netty</cpe>
</suppress>
+
+ <!-- CVE-2021-23214 is about PostGre server -->
+ <suppress>
+ <notes><![CDATA[
+ file name: debezium-connector-postgres-1.7.2.Final.jar
+ ]]></notes>
+ <sha1>69c1edfa7d89531af511fcd07e8516fa450f746a</sha1>
+ <cve>CVE-2021-23214</cve>
+ </suppress>
</suppressions>
\ No newline at end of file
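Review bot: The only recorded rationale for this suppression is the comment `CVE-2021-23214 is about PostGre server`, which does not say why the connector jar is unaffected, and the `<notes>` element holds just the file name. I would put the reasoning in `<notes>` so it travels with the entry, e.g. `CVE-2021-23214 is a PostgreSQL server vulnerability; debezium-connector-postgres is a client-side connector and appears to be matched by name only`. The `<sha1>` pins the entry to debezium-connector-postgres-1.7.2.Final.jar, which keeps the suppression narrow. It will stop matching after a connector upgrade, so the notes should also say that the finding must be re-evaluated then instead of copying in a new hash.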