[
https://issues.apache.org/jira/browse/CASSANDRA-20501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17939969#comment-17939969
]
Stefan Miklosovic commented on CASSANDRA-20501:
-----------------------------------------------
OK, so, the plan would be, in this order:
1) One separate ticket for suppression:
   trunk - suppress CVE-2024-47535 and CVE-2025-25193
   5.0 - suppress CVE-2024-47535 and CVE-2025-25193
   4.1 - suppress CVE-2025-25193
   4.0 - suppress CVE-2025-25193
2) CVE-2025-24970 will be solved by CASSANDRA-20314.
3) Once all is addressed, we can bump the dependency checker to version 12.1.0 by
this ticket, from 4.0 up to trunk.
> Update to latest dependency-check to fix incompatibility with new data feed format
> ----------------------------------------------------------------------------------
>
> Key: CASSANDRA-20501
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20501
> Project: Apache Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Doug Rohrer
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 3.0.x, 3.11.x, 4.0.x, 4.1.x, 5.0.x, 5.x
>
> Attachments: dependency-check-fix.patch
>
>
> The dependency-check task at the version we have is broken due to a change in
> the format of the data from NVD. See
> [https://github.com/dependency-check/DependencyCheck/issues/7463] for more
> information on the need for this change.
>
> Update to latest (12.1.0, from the new location at
> [https://github.com/dependency-check/DependencyCheck/] as it also moved to a
> GitHub org).
>