zookeeper-commits mailing list archives

From an...@apache.org
Subject [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3217: owasp job flagging slf4j on trunk
Date Thu, 03 Jan 2019 15:33:37 GMT
This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch branch-3.5
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.5 by this push:
     new b966517  ZOOKEEPER-3217: owasp job flagging slf4j on trunk
b966517 is described below

commit b966517208c2c7a6919e4e3af9b5153a921c50b1
Author: Enrico Olivelli - Diennea <eolivelli@apache.org>
AuthorDate: Thu Jan 3 16:32:46 2019 +0100

    ZOOKEEPER-3217: owasp job flagging slf4j on trunk
    
    Disable OWASP checks about slf4j.
    We are not using EventData, so ZooKeeper is not subject to https://nvd.nist.gov/vuln/detail/CVE-2018-8088
    
    Author: Enrico Olivelli - Diennea <eolivelli@apache.org>
    Author: Enrico Olivelli <eolivelli@apache.org>
    
    Reviewers: phunt@apache.org, andor@apache.org
    
    Closes #736 from eolivelli/fix/ZOOKEEPER-3217-owasp and squashes the following commits:
    
    7dd4473a1 [Enrico Olivelli] Add missing license header
    dc9bd75cd [Enrico Olivelli - Diennea] ZOOKEEPER-3217 owasp job flagging slf4j on trunk
    
    (cherry picked from commit 4a8fda7031d68236441b13bd878936b2607c5244)
    Signed-off-by: Andor Molnar <andor@apache.org>
---
 build.xml             |  1 +
 owaspSuppressions.xml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/build.xml b/build.xml
index 0216a11..a119a0d 100644
--- a/build.xml
+++ b/build.xml
@@ -1698,6 +1698,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle.ant">
                           reportoutputdirectory="${owasp.out.dir}"
                           reportformat="ALL"
                           failBuildOnCVSS="0">
+            <suppressionfile path="${basedir}/owaspSuppressions.xml" />
 
             <fileset dir="${ivy.lib}">
                 <include name="**/*.jar"/>
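Review bot: the added `<suppressionfile>` element sits directly under `failBuildOnCVSS="0"`, so owaspSuppressions.xml is now the only thing separating a reported CVE from a failed build, and nothing in build.xml says what is allowed into it. An XML comment above the element should state that each suppression needs a JIRA id and a written justification. The path could also move into a property alongside `owasp.out.dir`, so the location is defined once.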
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
new file mode 100644
index 0000000..0165b9a
--- /dev/null
+++ b/owaspSuppressions.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+   <suppress>
+      <!-- ZOOKEEPER-3217 -->
+      <cve>CVE-2018-8088</cve>
+   </suppress>
+</suppressions>
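Review bot: the `<suppress>` block contains only `<cve>CVE-2018-8088</cve>` with no dependency selector, so it silences that CVE for every jar under the scanned fileset, not only slf4j. Scoping it with a selector such as `<gav regex="true">^org\.slf4j:.*$</gav>` keeps the finding visible if another artifact is ever matched to the same CVE. The justification given in the commit message (ZooKeeper does not use EventData) should also be recorded in the file itself, in a `<notes>` element, because the `<!-- ZOOKEEPER-3217 -->` comment gives only the ticket id and the suppression will outlive the commit log in most readers' view of the build.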

