This is an automated email from the ASF dual-hosted git repository.
brandonwilliams pushed a commit to branch cassandra-3.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/cassandra-3.0 by this push:
new 4a62757624 Suppress CVE-2023-2251
4a62757624 is described below
commit 4a62757624d120a0e493d9d39bcd9bf8282b4f58
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Thu May 4 09:12:18 2023 -0500
Suppress CVE-2023-2251
Patch by brandonwilliams; reviewed by smiklosovic for CASSANDRA-18497
---
.build/dependency-check-suppressions.xml | 1 +
CHANGES.txt | 1 +
2 files changed, 2 insertions(+)
diff --git a/.build/dependency-check-suppressions.xml
b/.build/dependency-check-suppressions.xml
index 4438f2259e..5a87f57c3f 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -23,6 +23,7 @@
<suppress>
<!-- https://issues.apache.org/jira/browse/CASSANDRA-16150 -->
<packageUrl
regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
+ <cve>CVE-2023-2251</cve>
<cve>CVE-2022-38752</cve>
<cve>CVE-2022-38751</cve>
<cve>CVE-2022-38750</cve>
diff --git a/CHANGES.txt b/CHANGES.txt
index 0834f18117..371ba6c526 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
3.0.29
+ * Suppress CVE-2023-2251 (CASSANDRA-18497)
* Do not remove SSTables when cause of FSReadError is OutOfMemoryError while
using best_effort disk failure policy (CASSANDRA-18336)
* Do not remove truncated_at entry in system.local while dropping an index
(CASSANDRA-18105)
* Save host id to system.local and flush immediately after startup
(CASSANDRA-18153)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
