Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WFLY-18073] Add the OWASP dependency-check plugin to the WildFly build. #17686

Merged
merged 35 commits into from Apr 2, 2024
Merged

[WFLY-18073] Add the OWASP dependency-check plugin to the WildFly build. #17686

merged 35 commits into from Apr 2, 2024

Commits on Feb 9, 2024

  1. [WFLY-18073] Add the OWASP Dependency Check Plugin

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    71d0344 View commit details
    Browse the repository at this point in the history

  2. [WFLY-18073] Add a supression file and start by excluding ApacheDS as… 

    … only used for tests.
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    1d8884e View commit details
    Browse the repository at this point in the history

  3. [WFLY-18073] Add CPE supressions for the Artemis integration artefact.

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    d3dbd10 View commit details
    Browse the repository at this point in the history

  4. Merge branch 'WFLY-19022' into WFLY-18073

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    939696e View commit details
    Browse the repository at this point in the history

  5. [WFLY-18073] Supress the expressly to glassfish CPE mapping.

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    56195a1 View commit details
    Browse the repository at this point in the history

  6. [WFLY-18073] Supress CVE-2023-44487 against grpc-api as it applies to… 

    … grpc-go
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    e91589f View commit details
    Browse the repository at this point in the history

  7. [WDLY-18073] Supress CVE-2018-14335 as rejected by h2database.

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    98721fe View commit details
    Browse the repository at this point in the history

  8. [WFLY-18073] Supress CVE-2023-35116 as FasterXML dispute that this is… 

    … a vulnerability.
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    5688437 View commit details
    Browse the repository at this point in the history

  9. [WFLY-18073] This module is the Elytron security integration with Res… 

    …tEasy so don't associate with the RestEasy CPE.
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    de46a49 View commit details
    Browse the repository at this point in the history

  10. [WFLY-18073] Supressing CVE-2020-1732, we have compensated for this b… 

    …y associating the CallbackHandler with a ThreadLocal.
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    9f090a5 View commit details
    Browse the repository at this point in the history

  11. [WFLY-18073] The EJB client is different to the IIOP client.

    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    3dd1d53 View commit details
    Browse the repository at this point in the history

  12. [WFLY-18073] Supress CVE-2016-2141 when reported against jgroups-aws … 

    …as this applies to the top level jgroups project.

This is not a CPE supression as CVEs raised against this artefact could
use a similar CPE.
    @darranl
    darranl committed Feb 9, 2024
    Configuration menu
    Copy the full SHA
    f755360 View commit details
    Browse the repository at this point in the history

Commits on Feb 14, 2024

  1. [WFLY-18073] Synchronise changes from main.

    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    34147d4 View commit details
    Browse the repository at this point in the history

  2. [WFLY-18073] Remove supression rule with no matches.

    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    241d14b View commit details
    Browse the repository at this point in the history

  3. [WFLY-18073] Supress CVE-2021-41973 for mina-core as this comes in vi… 

    …a ApacheDS for testing.
    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    eaf8d1b View commit details
    Browse the repository at this point in the history

  4. [WFLY-18073] mvc-krazo is a separate project.

    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    dfa23f1 View commit details
    Browse the repository at this point in the history

  5. [WFLY-18073] Include nimbus-jose-jwt component upgrade.

    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    0ea95f2 View commit details
    Browse the repository at this point in the history

  6. [WFLY-18073] The transformer-api is maintained in a separate project … 

    …to WildFly.
    @darranl
    darranl committed Feb 14, 2024
    Configuration menu
    Copy the full SHA
    1b7eb4a View commit details
    Browse the repository at this point in the history

Commits on Mar 4, 2024

  1. Merge remote-tracking branch 'upstream/main' into WFLY-18073

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    798dac4 View commit details
    Browse the repository at this point in the history

  2. [WFLY-19088] Upgrade Apache James Mime4j to 0.8.10

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    5018221 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'WFLY-19088' into WFLY-18073

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    e0f3eb6 View commit details
    Browse the repository at this point in the history

  4. [WFLY-18073] Supress CVE-2024-25710 and CVE-2024-26308 as commons-com… 

    …press is a test dependency via testcontainer.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    375cdb4 View commit details
    Browse the repository at this point in the history

  5. [WFLY-18073] Supress the OTel CVEs as these are against other compone… 

    …nts such as Python and Go.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    6387d4d View commit details
    Browse the repository at this point in the history

  6. [WFLY-18073] Supress CPE cpe:2.3:a:linux_audit_project:linux_audit:2.… 

    …3.1:*:*:*:*:*:*:* as this is a bad match for Elytron.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    cc31ca9 View commit details
    Browse the repository at this point in the history

  7. [WFLY-18073] Set of Rest Easy supressions that relate to RestEasy ite… 

    …self not these separate projects.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    f33627e View commit details
    Browse the repository at this point in the history

  8. [WFLY-18073] Supress CVE-2016-6311 for Undertow as WildFly contains i… 

    …t's own fix.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    dcfd1f2 View commit details
    Browse the repository at this point in the history

  9. [WFLY-18073] Exclude all WildFly Core components mapped to redhat:wil… 

    …dfly CPE.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    a94fc5f View commit details
    Browse the repository at this point in the history

  10. [WFLY-18073] wildfly-plugins-core is not WildFly and not WildFly Core… 

    … so add supressions.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    ebf3246 View commit details
    Browse the repository at this point in the history

  11. [WFLY-18073] The Galleon Plugins transformer artifact should not matc… 

    …h cpe redhat:wildfly.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    ea06db8 View commit details
    Browse the repository at this point in the history

  12. [WFLY-18073] Avoid deployment transformer getting mapped to redhat:wi… 

    …ldfly CPE.
    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    63c966f View commit details
    Browse the repository at this point in the history

  13. [WFLY-18073] Avoid wildfly-galleon-plugins mapping to redhat:wildfly CPE

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    cedb66a View commit details
    Browse the repository at this point in the history

  14. [WFLY-18073] Move the dependency-check plugin into it's own profile.

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    e203bef View commit details
    Browse the repository at this point in the history

  15. [WFLY-18073] Correct the name of the suppression file.

    @darranl
    darranl committed Mar 4, 2024
    Configuration menu
    Copy the full SHA
    7b3d618 View commit details
    Browse the repository at this point in the history

Commits on Mar 8, 2024

  1. [WFLY-18073] Ignore CVE-2021-20293 for two reasons: 

     1. It is not matched against the correct components.
 2. It was decided this is not a CVE and is the user's responsibility.
    @darranl
    darranl committed Mar 8, 2024
    Configuration menu
    Copy the full SHA
    7d85cd5 View commit details
    Browse the repository at this point in the history

Commits on Mar 15, 2024

  1. [WFLY-18073] This CVE should not be matching against resteasy-spring, 

    the affected functionality has also been removed from RestEasy already.
    @darranl
    darranl committed Mar 15, 2024
    Configuration menu
    Copy the full SHA
    529d77d View commit details
    Browse the repository at this point in the history