Enrico Olivelli created ZOOKEEPER-4469:
------------------------------------------
Summary: Suppress OWASP false positives related to Netty TCNative
Key: ZOOKEEPER-4469
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4469
Project: ZooKeeper
Issue Type: Task
Components: build
Reporter: Enrico Olivelli
Assignee: Enrico Olivelli
Fix For: 3.8.0, 3.7.1, 3.6.4
OWASP check is reporting this CVEs against netty-tcnative-2.0.48.Final
Those are not problems that affect ZooKeeper, we can exclude them
{code:java}
[ERROR] One or more dependencies were identified with vulnerabilities that have
a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869,
CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445,
CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290
{code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
