This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-4.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
commit f9364e4f44b0d37905713a76d088218645ab72fb Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Thu Mar 30 10:14:07 2023 -0500 Suppress CVE-2022-45688 Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18389 --- .build/dependency-check-suppressions.xml | 5 +++++ CHANGES.txt | 1 + 2 files changed, 6 insertions(+) diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml index b0603e3f90..68c97bb777 100644 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@ -114,5 +114,10 @@ <cve>CVE-2022-42003</cve> <cve>CVE-2022-42004</cve> </suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-18389 --> + <suppress> + <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core.*$</packageUrl> + <cve>CVE-2022-45688</cve> + </suppress> </suppressions> diff --git a/CHANGES.txt b/CHANGES.txt index f38ce34b95..8b61cdad82 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 3.11.15 + * Suppress CVE-2022-45688 (CASSANDRA-18389) * Fix Splitter sometimes creating more splits than requested (CASSANDRA-18013) Merged from 3.0: * Fix RepairJob unnecessarily reporting cancellation error (CASSANDRA-17701) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org