Skip to content

Port CVE suppressions from 24.0.1#13415

Merged
kfaraz merged 4 commits intoapache:masterfrom
rohangarg:port_cve
Nov 23, 2022
Merged

Port CVE suppressions from 24.0.1#13415
kfaraz merged 4 commits intoapache:masterfrom
rohangarg:port_cve

Conversation

@rohangarg
Copy link
Copy Markdown
Member

@rohangarg rohangarg commented Nov 22, 2022

No description provided.

@kfaraz @rohangarg
Suppress jackson-databind CVE-2022-42003 and CVE-2022-42004
e2dce46 
(cherry picked from commit 1f4d892)
@kfaraz @rohangarg
Suppress CVEs
b9ae56e 
(cherry picked from commit ed55baa)

 Conflicts:
	owasp-dependency-check-suppressions.xml
@kfaraz @rohangarg
Suppress vulnerabilities from druid-website package
e280427 
(cherry picked from commit c0fb364)
@kfaraz @rohangarg
Add more suppressions for website package
a9ec5ec 
(cherry picked from commit 9bba569)
kfaraz
kfaraz approved these changes Nov 22, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@kfaraz kfaraz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kfaraz kfaraz merged commit c26b18c into apache:master Nov 23, 2022
@kfaraz kfaraz added this to the 25.0 milestone Nov 24, 2022
kfaraz pushed a commit to kfaraz/druid that referenced this pull request Nov 24, 2022
@rohangarg @kfaraz
Port CVE suppressions from 24.0.1 (apache#13415)
73ee3a3 
* Suppress jackson-databind CVE-2022-42003 and CVE-2022-42004
(cherry picked from commit 1f4d892)
* Suppress CVEs
(cherry picked from commit ed55baa)
* Suppress vulnerabilities from druid-website package
(cherry picked from commit c0fb364)
* Add more suppressions for website package
(cherry picked from commit 9bba569)
@kfaraz kfaraz mentioned this pull request Nov 24, 2022
Merged
kfaraz added a commit that referenced this pull request Nov 24, 2022
@kfaraz @rohangarg
Port CVE suppressions from 24.0.1 (#13415) (#13430)
cca9118 
* Suppress jackson-databind CVE-2022-42003 and CVE-2022-42004
(cherry picked from commit 1f4d892)
* Suppress CVEs
(cherry picked from commit ed55baa)
* Suppress vulnerabilities from druid-website package
(cherry picked from commit c0fb364)
* Add more suppressions for website package
(cherry picked from commit 9bba569)

Co-authored-by: Rohan Garg <7731512+rohangarg@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kfaraz kfaraz kfaraz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

25.0

Development

Successfully merging this pull request may close these issues.

2 participants

@rohangarg @kfaraz