ZOOKEEPER-4469: Suppress OWASP false positives related to Netty TCNative
More context here:
https://issues.apache.org/jira/browse/ZOOKEEPER-4469

I am also updating the OWASP dependency check

Author: Enrico Olivelli <eolivelli@apache.org>

Reviewers: Norbert Kalmar <nkalmar@apache.org>, Mate Szalay-Beko <symat@apache.org>

Closes #1817 from eolivelli/ZOOKEEPER-4469

(cherry picked from commit 428e6f9)
eolivelli authored and symat committed Feb 14, 2022
1 parent 470b97d commit 68c8e70
Showing 2 changed files with 13 additions and 1 deletion.
12 changes: 12 additions & 0 deletions owaspSuppressions.xml
Expand Up @@ -34,6 +34,18 @@
<!-- https://github.com/jeremylong/DependencyCheck/issues/1653
False positive on Netty 4.x-->
<cve>CVE-2018-12056</cve>
<!-- other false positives related to Netty TCNative 4.x -->
<cve>CVE-2021-43797</cve>
<cve>CVE-2019-16869</cve>
<cve>CVE-2015-2156</cve>
<cve>CVE-2021-37136</cve>
<cve>CVE-2014-3488</cve>
<cve>CVE-2021-37137</cve>
<cve>CVE-2019-20445</cve>
<cve>CVE-2019-20444</cve>
<cve>CVE-2021-21295</cve>
<cve>CVE-2021-21409</cve>
<cve>CVE-2021-21290</cve>
</suppress>
<suppress>
<!-- Seems like false positive - we are not using Prometheus
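
Review bot: the reach of these eleven new suppressions is decided by the matcher of the enclosing <suppress> element, which lies above line 34 and is not shown in this hunk. The comment says they relate to Netty TCNative 4.x, so confirm that matcher is limited to the netty-tcnative artifact; if it matches Netty artifacts more broadly, move the new <cve> entries into their own <suppress> block with a selector for netty-tcnative only, so the same CVE ids are still reported against other Netty jars. The new comment also carries no reference, unlike the CVE-2018-12056 entry above it, which links DependencyCheck issue 1653; adding the ZOOKEEPER-4469 URL there would let a later reader recheck why each id was judged a false positive.
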
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -672,7 +672,7 @@
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>5.3.0</version>
<version>6.5.3</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
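
Review bot: the jump from 5.3.0 to 6.5.3 in <version> is a major-version upgrade of the scanner made in the same commit as the new suppressions, so the diff does not show which release produced the findings being suppressed. Confirm that the check was re-run under 6.5.3 with the updated owaspSuppressions.xml and that every existing entry still matches, and consider splitting the upgrade into its own commit so that a change in reported findings can be attributed to either the new scanner version or the new suppressions.
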