zookeeper-commits mailing list archives

From an...@apache.org
Subject [zookeeper] branch branch-3.4 updated: ZOOKEEPER-3217: owasp job flagging slf4j on trunk
Date Thu, 03 Jan 2019 15:33:53 GMT
This is an automated email from the ASF dual-hosted git repository.

andor pushed a commit to branch branch-3.4
in repository https://gitbox.apache.org/repos/asf/zookeeper.git

The following commit(s) were added to refs/heads/branch-3.4 by this push:
     new cde787f  ZOOKEEPER-3217: owasp job flagging slf4j on trunk
cde787f is described below

commit cde787f709e248f1fcc665de64760580e835de41
Author: Enrico Olivelli - Diennea <eolivelli@apache.org>
AuthorDate: Thu Jan 3 16:32:46 2019 +0100

    ZOOKEEPER-3217: owasp job flagging slf4j on trunk
    Disable OWASP checks about slf4j.
    We are not using EventData, so ZooKeeper is not subject to https://nvd.nist.gov/vuln/detail/CVE-2018-8088
    Author: Enrico Olivelli - Diennea <eolivelli@apache.org>
    Author: Enrico Olivelli <eolivelli@apache.org>
    Reviewers: phunt@apache.org, andor@apache.org
    Closes #736 from eolivelli/fix/ZOOKEEPER-3217-owasp and squashes the following commits:
    7dd4473a1 [Enrico Olivelli] Add missing license header
    dc9bd75cd [Enrico Olivelli - Diennea] ZOOKEEPER-3217 owasp job flagging slf4j on trunk
    (cherry picked from commit 4a8fda7031d68236441b13bd878936b2607c5244)
    Signed-off-by: Andor Molnar <andor@apache.org>
 build.xml             |  1 +
 owaspSuppressions.xml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/build.xml b/build.xml
index 9762956..87df869 100644
--- a/build.xml
+++ b/build.xml
@@ -1762,6 +1762,7 @@ xmlns:cs="antlib:com.puppycrawl.tools.checkstyle">
+            <suppressionfile path="${basedir}/owaspSuppressions.xml" />
             <fileset dir="${ivy.lib}">
                 <include name="**/*.jar"/>
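
Review bot: the added `<suppressionfile path="${basedir}/owaspSuppressions.xml" />` line has no comment explaining what the file is for or what an entry in it must carry. It sits ahead of the `<fileset dir="${ivy.lib}">` that includes `**/*.jar`, so anything listed in that file is silenced for every scanned jar. Consider a one-line XML comment above it stating that each suppression needs a JIRA id and a written rationale.
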
diff --git a/owaspSuppressions.xml b/owaspSuppressions.xml
new file mode 100644
index 0000000..0165b9a
--- /dev/null
+++ b/owaspSuppressions.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+   <suppress>
+      <!-- ZOOKEEPER-3217 -->
+      <cve>CVE-2018-8088</cve>
+   </suppress>
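
Review bot: the `<suppress>` entry contains only `<cve>CVE-2018-8088</cve>` with no element identifying the dependency, so it hides that CVE for any jar in the scan, while the commit message describes the intent as disabling the check for slf4j only. Consider scoping the entry to the slf4j artifact (for example with a `<gav regex="true">` element matching the slf4j coordinates) so the same CVE would still be reported if it were matched against another library. The only in-file justification is the `<!-- ZOOKEEPER-3217 -->` comment; putting the reasoning from the commit message (EventData is not used) in a `<notes>` element would keep it with the suppression for whoever audits this file later.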
