This is an automated email from the ASF dual-hosted git repository.
pkarwasz pushed a commit to branch release/2.21.0
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release/2.21.0 by this push:
new a51955359a Exclude Velocity vulnerability
a51955359a is described below
commit a51955359a2b80e38eed6e9956555419ef6a9247
Author: Piotr P. Karwasz <[email protected]>
AuthorDate: Thu Oct 5 22:33:24 2023 +0200
Exclude Velocity vulnerability
---
osv-scanner.toml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/osv-scanner.toml b/osv-scanner.toml
index 18fd0d5f67..34c9f349a8 100644
--- a/osv-scanner.toml
+++ b/osv-scanner.toml
@@ -29,3 +29,6 @@ reason = "log4j:log4j is a test dependency used in
performance comparisons"
[[IgnoredVulns]]
id = "GHSA-w9p3-5cr8-m3jj"
reason = "log4j:log4j is a test dependency used in performance comparisons"
+[[IgnoredVulns]]
+id = "GHSA-59j4-wjwp-mw9m"
+reason = "Velocity templates are only used at build time and modifiable by
committers."
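Review bot: The new `[[IgnoredVulns]]` entry for GHSA-59j4-wjwp-mw9m has no expiry, so the suppression stays in force even if Velocity later reaches a runtime classpath or the templates stop being committer-only. osv-scanner accepts an `ignoreUntil` date on each entry, and adding one, e.g. `ignoreUntil = <REVIEW_DATE>`, would force the justification to be re-checked. The reason would also be easier to audit if it named the affected artifact, as the `log4j:log4j` entries above do, e.g. `reason = "<VELOCITY_ARTIFACT> is only used to render build-time templates, which only committers can modify"`. As far as I can tell the ignore matches on advisory id alone, so it would also hide the finding in any module that picks up the same dependency later.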