Suppress CVE-2022-45688

Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18643
apache · Jul 6, 2023 · d302b83 · d302b83
1 parent 00cf318
commit d302b83
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/.build/dependency-check-suppressions.xml b/.build/dependency-check-suppressions.xml
@@ -125,4 +125,10 @@
         <cve>CVE-2023-35116</cve>
     </suppress>
 
+    <!-- https://issues.apache.org/jira/browse/CASSANDRA-18643 -->
+    <suppress>
+        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-core@.*$</packageUrl>
+        <cve>CVE-2022-45688</cve>
+    </suppress>
+
 </suppressions>
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.11.16
+ * Suppress CVE-2022-45688 (CASSANDRA-18643)
  * Remove unrepaired SSTables from garbage collection when only_purge_repaired_tombstones is true (CASSANDRA-14204)
  * Wait for live endpoints in gossip waiting to settle (CASSANDRA-18543)
  * Fix error message handling when trying to use CLUSTERING ORDER with non-clustering column (CASSANDRA-17818