You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For #3865 only netty-tcnative-classes received a suppression for the false netty:netty CPE link. However also other libraries of the netty tcnative multimodule project are affected by the same FP as can be seen from the issue-comments:
It fails for us in 6.5.3 as well, did anyone still notice the issue on latest version?
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:6.5.3:check (default-cli) on project zookeeper:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '0.0':
[ERROR]
[ERROR] netty-tcnative-2.0.48.Final.jar: CVE-2021-43797, CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2014-3488, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444, CVE-2021-21295, CVE-2021-21409, CVE-2021-21290
Was this supposed to be fixed in 7.0.0? Because if yes, then the error is still there
[ERROR] Failed to execute goal org.owasp:dependency-check-maven:7.0.0:check (default) on project ***REDACTED***:
[ERROR]
[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7.0':
[ERROR]
[ERROR] netty-tcnative-boringssl-static-2.0.48.Final-osx-x86_64.jar: CVE-2015-1346(7.5), CVE-2011-1797(9.3), CVE-2017-7000(8.8), CVE-2015-1205(7.5)
[ERROR]
[ERROR] See the dependency-check report for more details.
[ERROR] -> [Help 1]
For #3865 only netty-tcnative-classes received a suppression for the false
netty:netty
CPE link. However also other libraries of the netty tcnative multimodule project are affected by the same FP as can be seen from the issue-comments:It fails for us in 6.5.3 as well, did anyone still notice the issue on latest version?
For more info see discussion on the PR: apache/zookeeper#1817
Originally posted by @nkalmar in #3865 (comment)
The text was updated successfully, but these errors were encountered: