You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zookeeper.apache.org by eo...@apache.org on 2022/02/25 07:01:03 UTC

[zookeeper] branch master updated: ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429

This is an automated email from the ASF dual-hosted git repository.

eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new 3004c90  ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
3004c90 is described below

commit 3004c909b78b3056985c8e39925e14bde3baa430
Author: Enrico Olivelli <eo...@apache.org>
AuthorDate: Fri Feb 25 07:59:07 2022 +0100

    ZOOKEEPER-4478: Suppress OWASP false positives zookeeper-jute-3.8.0-SNAPSHOT.jar: CVE-2021-29425, CVE-2021-28164, CVE-2021-34429
    
    Author: Enrico Olivelli <eo...@apache.org>
    
    Reviewers: Mate Szalay-Beko <sy...@apache.org>
    
    Closes #1824 from eolivelli/ZOOKEEPER-4478-owasp
---
 owaspSuppressions.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
index 4bfec6f..1325af9 100644
--- a/owaspSuppressions.xml
+++ b/owaspSuppressions.xml
@@ -53,4 +53,13 @@
            this writing  -->
       <cve>CVE-2019-3826</cve>
    </suppress>
+
+ 
+   <suppress>
+      <!-- Seems like false positives about zookeeper-jute -->
+      <cve>CVE-2021-29425</cve>
+      <cve>CVE-2021-28164</cve>
+      <cve>CVE-2021-34429</cve>
+   </suppress>
+
 </suppressions>