Upgrade to OWASP 8.3.1

Patch by brandonwilliams; reviewed by edimitrova for CASSANDRA-18650
apache · Jul 7, 2023 · 493d15f · 493d15f
1 parent 7150cc5
commit 493d15f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/.build/build-owasp.xml b/.build/build-owasp.xml
@@ -17,7 +17,7 @@
   ~ limitations under the License.
   -->
 <project basedir="." name="apache-cassandra-owasp-tasks">
-    <property name="dependency-check.version" value="6.3.2"/>
+    <property name="dependency-check.version" value="8.3.1"/>
     <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
 
     <condition property="is.dependency.check.jar">

diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml
@@ -116,6 +116,14 @@
         <cve>CVE-2018-11798</cve>
         <cve>CVE-2019-0205</cve>
     </suppress>
+    <suppress>
+        <packageUrl regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl>
+        <cve>CVE-2015-3254</cve>
+        <cve>CVE-2016-5397</cve>
+        <cve>CVE-2018-1320</cve>
+        <cve>CVE-2018-11798</cve>
+        <cve>CVE-2019-0205</cve>
+    </suppress>
 
     <!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 -->
     <!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 -->
@@ -138,6 +146,8 @@
     <suppress>
         <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
         <cve>CVE-2023-35116</cve>
+	<cve>CVE-2022-42003</cve>
+	<cve>CVE-2022-42004</cve>
     </suppress>
 
 </suppressions>
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.30
+ * Upgrade OWASP to 8.3.1 (CASSANDRA-18650)
  * Suppress CVE-2023-34462 (CASSANDRA-18649)
  * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)
  * Suppress CVE-2023-35116 (CASSANDRA-18630)