authorMartin Stockhammer <martin_s@apache.org>2021-08-29 21:07:38 +0200
committerMartin Stockhammer <martin_s@apache.org>2021-08-29 21:07:38 +0200
commitf40d750c006656fcfb332de8808cf63b17974ef8 (patch)
tree4b13ba23a1c8fa4ac67203df2cce41c8f0abdad8 /archiva-modules/archiva-web
parent7c4835ba140de0e30746852a8ff64db442e02065 (diff)
Dependency changes and vulnerability check
Diffstat (limited to 'archiva-modules/archiva-web')
-rw-r--r--archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml19
1 files changed, 19 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
index 2a3f08f77..c18030118 100644
--- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
+++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml
@@ -73,4 +73,23 @@
<cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: jdom2-2.0.6.jar
+ This is a dependency of rometools/rome (RSS library), they addressed the issue (see https://github.com/rometools/rome/issues/469)
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
+ <cpe>cpe:/a:jdom:jdom</cpe>
+ <vulnerabilityName>CVE-2021-33813</vulnerabilityName>
+ </suppress>
+
+ <suppress>
+ <notes><![CDATA[
+ file name: native-protocol-1.5.0.jar
+ This is a vulnerability of cassandra server. We will ignore it for the client driver.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.datastax\.oss/native\-protocol@.*$</packageUrl>
+ <cpe>cpe:/a:apache:cassandra</cpe>
+ <vulnerabilityName>CVE-2020-13946</vulnerabilityName>
+ </suppress>
</suppressions>
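Review bot: Both new suppressions match every version (`@.*$`) and carry no expiry, although the notes name specific jars (jdom2-2.0.6.jar, native-protocol-1.5.0.jar). The jdom2 justification is that rome addressed the issue, which holds only for a rome release containing that fix, so the rule should be tied to what was reviewed: `<packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@2\.0\.6$</packageUrl>`, plus an `until` date on the element such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) to force a re-review. Each entry also has a `<cpe>` next to `<vulnerabilityName>`. As far as I understand dependency-check's rule handling, the `<cpe>` element suppresses the whole CPE identification, not just the named CVE. For `cpe:/a:jdom:jdom` that would likely hide future jdom CVEs as well, so consider dropping that line from the jdom2 entry and keeping only `<vulnerabilityName>CVE-2021-33813</vulnerabilityName>`.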