
Commit 7ae35ff

committed
Update OWASP suppression file
1 parent 846f0be commit 7ae35ff


2 files changed

+6
-31
lines changed

Lines changed: 5 additions & 30 deletions
@@ -1,29 +1,5 @@
11
<?xml version="1.0" encoding="UTF-8"?>
22
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
3-
<suppress>
4-
<packageUrl regex="true">^pkg:maven/jakarta\.ws\.rs/jakarta\.ws\.rs-api@.*$</packageUrl>
5-
<cpe>cpe:/a:eclipse:eclipse_ide</cpe>
6-
</suppress>
7-
<suppress>
8-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java@.*$</packageUrl>
9-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
10-
</suppress>
11-
<suppress>
12-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api@.*$</packageUrl>
13-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
14-
</suppress>
15-
<suppress>
16-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-api\-fluent@.*$</packageUrl>
17-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
18-
</suppress>
19-
<suppress>
20-
<packageUrl regex="true">^pkg:maven/io\.kubernetes/client\-java\-proto@.*$</packageUrl>
21-
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
22-
</suppress>
23-
<suppress>
24-
<packageUrl regex="true">^pkg:maven/com\.google\.protobuf/protobuf\-java@.*$</packageUrl>
25-
<cpe>cpe:/a:google:protobuf-java</cpe>
26-
</suppress>
273
<suppress>
284
<packageUrl regex="true">^pkg:maven/oracle\.kubernetes/weblogic\-kubernetes\-operator@.*$</packageUrl>
295
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
@@ -45,11 +21,10 @@
4521
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
4622
</suppress>
4723
<suppress>
48-
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk7@.*$</packageUrl>
49-
<cpe>cpe:/a:jetbrains:kotlin</cpe>
50-
</suppress>
51-
<suppress>
52-
<packageUrl regex="true">^pkg:maven/org\.jetbrains\.kotlin/kotlin\-stdlib\-jdk8@.*$</packageUrl>
53-
<cpe>cpe:/a:jetbrains:kotlin</cpe>
24+
<notes><![CDATA[
25+
This CVE is in dispute for the very reason that it does not apply to us. We do not use databind for processing protocol data, but use it to write our own objects.
26+
]]></notes>
27+
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson-databind@.*$</packageUrl>
28+
<vulnerabilityName>CVE-2023-35116</vulnerabilityName>
5429
</suppress>
5530
</suppressions>
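Review bot: The new jackson-databind entry for CVE-2023-35116 matches every version (`@.*$`) and carries no expiry, so it will keep hiding this finding even if the dispute is later resolved or the code starts using databind on externally supplied data. The justification in `<notes>` is a usage assumption that nothing in the build enforces; giving the entry an expiry, `<suppress until="YYYY-MM-DD">` (placeholder date), would force the claim to be re-checked. Scoping by `<vulnerabilityName>` rather than by `<cpe>` is the right granularity, and the `cpe:/a:kubernetes:kubernetes` entries that remain visible here would benefit from the same treatment, since they show no `<notes>` explaining why they are false positives. The `-` in `jackson-databind` is unescaped while the other patterns write `\-`; both match the same text, so that is only a consistency point.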

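--- a/pom.xml
+++ b/pom.xml
@@ -307,7 +307,7 @@
 <configuration>
 <skip>${skip.dependency-check}</skip>
 <skipTestScope>true</skipTestScope>
-<failBuildOnAnyVulnerability>false</failBuildOnAnyVulnerability>
+<failBuildOnCVSS>0</failBuildOnCVSS>
 <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
 <formats>
 <format>HTML</format>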
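Review bot: `<failBuildOnCVSS>0</failBuildOnCVSS>` has no comment explaining that a threshold of 0 fails the build on any finding that carries a CVSS score, which makes the suppression file the only waiver mechanism. I would add `<!-- 0: fail on any reported vulnerability; waive only via a documented entry in the suppression file -->` above it. The gate still depends on `${skip.dependency-check}` and on `<skipTestScope>true</skipTestScope>`, so it is worth confirming that CI never sets the skip property, whose definition is outside this hunk. The `<configuration>` element closes outside the hunk.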
