This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new b8cdc06182b [fix][build] Resolve OWASP Dependency Check false
positives (#19120)
b8cdc06182b is described below
commit b8cdc06182bf708d6dc418d5c3f614bc1fdb4b96
Author: Lari Hotari <[email protected]>
AuthorDate: Mon Jan 2 15:38:29 2023 +0200
[fix][build] Resolve OWASP Dependency Check false positives (#19120)
(cherry picked from commit f912fb3931a99575f4b8c93ce8174d53b19336c3)
---
src/owasp-dependency-check-false-positives.xml | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/owasp-dependency-check-false-positives.xml
b/src/owasp-dependency-check-false-positives.xml
index ea558818665..17c44e7385d 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -27,6 +27,12 @@
</notes>
<cpe>cpe:/a:apache:http_server</cpe>
</suppress>
+ <suppress>
+ <notes>
+ apache:apache_http_server is not used.
+ </notes>
+ <cpe>cpe:/a:apache:apache_http_server</cpe>
+ </suppress>
<suppress>
<notes>pulsar-package-bookkeeper-storage gets mixed with
bookkeeper.</notes>
<gav regex="true">org\.apache\.pulsar:.*</gav>
@@ -106,4 +112,9 @@
<sha1>1a754a5dd672218a2ac667d7ff2b28df7a5a240e</sha1>
<cve>CVE-2022-25647</cve>
</suppress>
+
+ <suppress>
+ <notes>commons-net is not used at all and therefore commons-net
vulnerability CVE-2021-37533 is a false positive.</notes>
+ <cve>CVE-2021-37533</cve>
+ </suppress>
</suppressions>
\ No newline at end of file
