This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.9 by this push:
     new d02c34a8e6e [fix][build] Resolve OWASP Dependency Check false 
positives (#19120)
d02c34a8e6e is described below

commit d02c34a8e6eca23bc1ca9f1fc2c53923dcd64a3c
Author: Lari Hotari <[email protected]>
AuthorDate: Mon Jan 2 15:38:29 2023 +0200

    [fix][build] Resolve OWASP Dependency Check false positives (#19120)
    
    (cherry picked from commit f912fb3931a99575f4b8c93ce8174d53b19336c3)
---
 src/owasp-dependency-check-false-positives.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/owasp-dependency-check-false-positives.xml 
b/src/owasp-dependency-check-false-positives.xml
index 4984db5762b..85ca6046a6f 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -32,6 +32,12 @@
     <gav regex="true">org\.apache\.pulsar:.*</gav>
     <cpe>cpe:/a:apache:zookeeper</cpe>
   </suppress>
+  <suppress>
+    <notes>
+      apache:apache_http_server is not used.
+    </notes>
+    <cpe>cpe:/a:apache:apache_http_server</cpe>
+  </suppress>
   <suppress>
     <notes>pulsar-package-bookkeeper-storage gets mixed with 
bookkeeper.</notes>
     <gav regex="true">org\.apache\.pulsar:.*</gav>
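Review bot: The added `<suppress>` for `cpe:/a:apache:apache_http_server` carries no selector (`<gav>`, `<packageUrl>`, `<filePath>` or `<sha1>`), so it silences that CPE for every dependency in the build, including any later one that is identified correctly. The entry just above it limits its CPE with `<gav regex="true">org\.apache\.pulsar:.*</gav>`. The new entry should be limited the same way to the artifact that was misidentified, for example `<packageUrl regex="true">^pkg:maven/GROUP_PLACEHOLDER/ARTIFACT_PLACEHOLDER@.*$</packageUrl>`, with the real coordinates taken from the scan report. The `CVE-2021-37533` entry in the second hunk is unscoped in the same way. The `<suppress>` element that follows continues outside this hunk.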
@@ -68,4 +74,9 @@
     <sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
     <cve>CVE-2022-25647</cve>
   </suppress>
+
+  <suppress>
+    <notes>commons-net is not used at all and therefore commons-net 
vulnerability CVE-2021-37533 is a false positive.</notes>
+    <cve>CVE-2021-37533</cve>
+  </suppress>
 </suppressions>
\ No newline at end of file
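Review bot: The `<notes>` text on the `CVE-2021-37533` entry says commons-net "is not used at all" but does not record which dependency made the scanner report it, so the false-positive claim cannot be re-checked when the dependency tree changes. If the jar is present only transitively, which the report suggests but this diff does not show, the note should name the artifact that brings it in. Excluding that transitive dependency would remove the finding without needing a suppression. If the suppression stays, an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) forces it to be re-evaluated rather than persisting silently.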
