diff options
author | Martin Stockhammer <martin_s@apache.org> | 2021-08-29 21:07:38 +0200 |
---|---|---|
committer | Martin Stockhammer <martin_s@apache.org> | 2021-08-29 21:07:38 +0200 |
commit | f40d750c006656fcfb332de8808cf63b17974ef8 (patch) | |
tree | 4b13ba23a1c8fa4ac67203df2cce41c8f0abdad8 /archiva-modules/archiva-web | |
parent | 7c4835ba140de0e30746852a8ff64db442e02065 (diff) | |
download | archiva-f40d750c006656fcfb332de8808cf63b17974ef8.tar.gz archiva-f40d750c006656fcfb332de8808cf63b17974ef8.zip |
Dependency changes and vulnerability check
Diffstat (limited to 'archiva-modules/archiva-web')
-rw-r--r-- | archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml index 2a3f08f77..c18030118 100644 --- a/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml +++ b/archiva-modules/archiva-web/archiva-webapp/src/main/resources/META-INF/owasp/cve-suppressions.xml @@ -73,4 +73,23 @@ <cpe>cpe:/a:jquery_file_upload_project:jquery_file_upload</cpe> </suppress> + <suppress> + <notes><![CDATA[ + file name: jdom2-2.0.6.jar + This is a dependency of rometools/rome (RSS library), they addressed the issue (see https://github.com/rometools/rome/issues/469) + ]]></notes> + <packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl> + <cpe>cpe:/a:jdom:jdom</cpe> + <vulnerabilityName>CVE-2021-33813</vulnerabilityName> + </suppress> + + <suppress> + <notes><![CDATA[ + file name: native-protocol-1.5.0.jar + This is a vulnerability of cassandra server. We will ignore it for the client driver. + ]]></notes> + <packageUrl regex="true">^pkg:maven/com\.datastax\.oss/native\-protocol@.*$</packageUrl> + <cpe>cpe:/a:apache:cassandra</cpe> + <vulnerabilityName>CVE-2020-13946</vulnerabilityName> + </suppress> </suppressions> |