This is an automated email from the ASF dual-hosted git repository. cwylie pushed a commit to branch 0.17.0 in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.17.0 by this push: new 47fd6da Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191) 47fd6da is described below commit 47fd6da30c670e4dd7f136e6c549cc751461dcb4 Author: Chi Cao Minh <chi.caom...@imply.io> AuthorDate: Wed Jan 15 00:56:06 2020 -0800 Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191) CVE-2019-20330 was updated on 14 Jan 2020, which now gets flagged by the security vulnerability scan. Since the CVE is for jackson-databind, via htrace-core-4.0.1, it can be added to the existing list of security vulnerability suppressions for that dependency. --- owasp-dependency-check-suppressions.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml index cf88f39..22ab0ec 100644 --- a/owasp-dependency-check-suppressions.xml +++ b/owasp-dependency-check-suppressions.xml @@ -194,5 +194,6 @@ <cve>CVE-2019-16943</cve> <cve>CVE-2019-17267</cve> <cve>CVE-2019-17531</cve> + <cve>CVE-2019-20330</cve> </suppress> </suppressions> --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For additional commands, e-mail: commits-h...@druid.apache.org