This is an automated email from the ASF dual-hosted git repository. brandonwilliams pushed a commit to branch cassandra-3.0 in repository https://gitbox.apache.org/repos/asf/cassandra.git
The following commit(s) were added to refs/heads/cassandra-3.0 by this push: new d99bccd649 Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 d99bccd649 is described below commit d99bccd6493ceb7aed4e05b05f81913ea876d855 Author: Brandon Williams <brandonwilli...@apache.org> AuthorDate: Thu Jun 22 11:55:09 2023 -0500 Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18608 --- .build/dependency-check-suppressions.xml | 7 +++++++ CHANGES.txt | 1 + 2 files changed, 8 insertions(+) diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml index 02dbb8dd92..08bf3f7236 100644 --- a/.build/dependency-check-suppressions.xml +++ b/.build/dependency-check-suppressions.xml @@ -20,6 +20,13 @@ https://jeremylong.github.io/DependencyCheck/general/suppression.html --> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> + <suppress> + <!-- https://issues.apache.org/jira/browse/CASSANDRA-18608 --> + <packageUrl regex="true">^pkg:maven/org\.xerial\.snappy/snappy\-java@.*$</packageUrl> + <cve>CVE-2023-34453</cve> + <cve>CVE-2023-34454</cve> + <cve>CVE-2023-34455</cve> + </suppress> <suppress> <!-- https://issues.apache.org/jira/browse/CASSANDRA-16150 --> <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl> diff --git a/CHANGES.txt b/CHANGES.txt index 6e0853c3a4..43b4cc40fb 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,4 +1,5 @@ 3.0.30 + * Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 (CASSANDRA-18608) * Backport CASSANDRA-10508: Remove hard-coded SSL cipher suites (CASSANDRA-18575) * Suppress CVE-2023-2976 (CASSANDRA-18562) * Remove dh_python use in Debian packaging (CASSANDRA-18558) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org