ignite-dev mailing list archives

From "Stanislav Lukyanov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-9900) Upgrade annotations.jar to a new version
Date Tue, 16 Oct 2018 11:55:00 GMT
Stanislav Lukyanov created IGNITE-9900:

             Summary: Upgrade annotations.jar to a new version
                 Key: IGNITE-9900
                 URL: https://issues.apache.org/jira/browse/IGNITE-9900
             Project: Ignite
          Issue Type: Improvement
            Reporter: Stanislav Lukyanov
            Assignee: Stanislav Lukyanov

OWASP Dependency Check reports that annotations.jar of version 13.0 is affected by a vulnerability
while it obviously isn't (the CVE is about an XXE attack, and annotations.jar is, well, annotations).

The issue is that the NVD database only says that "intellij_idea" is affected, and OWASP doesn't
know better than to map annotations.jar to the intellij_idea product.

While the problem could be (and perhaps will be, see https://youtrack.jetbrains.com/issue/IDEA-200601)
sorted out on the level of OWASP and NVD, the easiest way to work around this is to upgrade
annotations.jar to a new version (currently 16.0.3). It will help Ignite users avoid annoying
false-positive warnings from OWASP.

This message was sent by Atlassian JIRA
