This is an automated email from the ASF dual-hosted git repository. cwylie pushed a commit to branch 0.21.1 in repository https://gitbox.apache.org/repos/asf/druid.git
The following commit(s) were added to refs/heads/0.21.1 by this push: new db67938 Suppressing false positive CVE-2020-7791 (#11215) (#11217) db67938 is described below commit db679380a0ef14160e5bfcb335eff74b4e7b99ae Author: Clint Wylie <cwy...@apache.org> AuthorDate: Fri May 7 01:22:20 2021 -0700 Suppressing false positive CVE-2020-7791 (#11215) (#11217) * suppressing false positive CVE-2020-7791 * add comments Co-authored-by: Maytas Monsereenusorn <mayt...@apache.org> --- owasp-dependency-check-suppressions.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml index 30147fb..5326442 100644 --- a/owasp-dependency-check-suppressions.xml +++ b/owasp-dependency-check-suppressions.xml @@ -158,6 +158,14 @@ <cve>CVE-2019-17195</cve> </suppress> <suppress> + <!-- This CVE is a false positive. The CVE is not for apacheds-i18n --> + <notes><![CDATA[ + file name: apacheds-i18n-2.0.0-M15.jar + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.apache\.directory\.server/apacheds\-i18n@.*$</packageUrl> + <cve>CVE-2020-7791</cve> + </suppress> + <suppress> <!-- TODO: Fix by using com.datastax.oss:java-driver-core instead of com.netflix.astyanax:astyanax in extensions-contrib/cassandra-storage --> <notes><![CDATA[ file name: libthrift-0.6.1.jar --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@druid.apache.org For additional commands, e-mail: commits-h...@druid.apache.org
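Review bot: The packageUrl regex in the added suppress entry ends in `@.*$`, so CVE-2020-7791 is suppressed for every version of org.apache.directory.server:apacheds-i18n, while the notes name only apacheds-i18n-2.0.0-M15.jar. If the match is a name collision, as the comment "The CVE is not for apacheds-i18n" implies, an all-versions suppression is reasonable, but the comment should then state which product the CVE actually applies to, so that a later audit of this file can confirm the false positive without repeating the research. If that cannot be stated, pin the regex to the version given in the notes so the suppression is re-evaluated when the dependency is upgraded.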