Posted to issues@nifi.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/08/19 20:32:00 UTC

[jira] [Commented] (NIFI-10346) Update OWASP Dependency Check Suppressions

    [ https://issues.apache.org/jira/browse/NIFI-10346?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17582028#comment-17582028 ] 

ASF subversion and git services commented on NIFI-10346:
--------------------------------------------------------

Commit d2dbaa3c62124598e2077c44e81d23d8faa1ffcf in nifi's branch refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=d2dbaa3c62 ]

NIFI-10346 Added OWASP Dependency Check Suppressions

- Suppressed Apache Calcite vulnerabilities not applicable to Calcite Avatica subproject
- Suppressed HBase server vulnerabilities not applicable to client libraries
- Suppressed several mismatched product vulnerabilities

This closes #6290
Signed-off-by: Paul Grey <gr...@apache.org>


> Update OWASP Dependency Check Suppressions
> ------------------------------------------
>
>                 Key: NIFI-10346
>                 URL: https://issues.apache.org/jira/browse/NIFI-10346
>             Project: Apache NiFi
>          Issue Type: Task
>          Components: Documentation & Website
>            Reporter: David Handermann
>            Assignee: David Handermann
>            Priority: Minor
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> The OWASP Dependency Check Plugin version 7.1.1 marks several libraries as vulnerable when the vulnerability applies to server components, but not client components. In other cases, the plugin associates vulnerabilities with a different product based on similar naming. The Suppressions configuration should be updated to note and suppress these findings.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)