From 0027dee79ca8eeaa400c98ae06e6327b0a5d2d78 Mon Sep 17 00:00:00 2001
From: Trask Stalnaker
Date: Mon, 19 Jun 2023 19:34:11 -0700
Subject: [PATCH 1/2] Suppress invalid CVE
---
 buildscripts/dependency-check-suppressions.xml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/buildscripts/dependency-check-suppressions.xml b/buildscripts/dependency-check-suppressions.xml
index 8d3d79c55b7..5309ee2b4a2 100644
--- a/buildscripts/dependency-check-suppressions.xml
+++ b/buildscripts/dependency-check-suppressions.xml
@@ -15,4 +15,11 @@
 ^pkg:maven/org.slf4j/jcl-over-slf4j@.*$
 cpe:/a:apache:commons_net
+
+
+ CVE-2023-35116 is not a valid CVE, see comment from library maintainer
+ https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1596308216
+
+ CVE-2023-35116
+
From 3481fd3d0642f7a79f6d37f8501552cce7eb4b73 Mon Sep 17 00:00:00 2001
From: Trask Stalnaker
Date: Mon, 19 Jun 2023 19:42:09 -0700
Subject: [PATCH 2/2] No longer needed
---
 buildscripts/dependency-check-suppressions.xml | 15 ---------------
 1 file changed, 15 deletions(-)
diff --git a/buildscripts/dependency-check-suppressions.xml b/buildscripts/dependency-check-suppressions.xml
index 5309ee2b4a2..5548d5106dc 100644
--- a/buildscripts/dependency-check-suppressions.xml
+++ b/buildscripts/dependency-check-suppressions.xml
@@ -1,20 +1,5 @@
-
- commons-codec should not be matched to commons_net
- ^pkg:maven/commons-codec/commons-codec@.*$
- cpe:/a:apache:commons_net
-
-
- commons-text should not be matched to commons_net
- ^pkg:maven/org.apache.commons/commons-text@.*$
- cpe:/a:apache:commons_net
-
-
- jcl-over-slf4j should not be matched to commons_net
- ^pkg:maven/org.slf4j/jcl-over-slf4j@.*$
- cpe:/a:apache:commons_net
-
 CVE-2023-35116 is not a valid CVE, see comment from library maintainer
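Review bot: The suppression added in the [PATCH 1/2] hunk appears to be keyed on the CVE id alone. Its seven added lines account for the `suppress` wrapper, the notes and a `cve` entry, with no `packageUrl` line like the older entries have; the XML markup is not visible on this page, so this is inferred from the line count. Unscoped, the entry would silence CVE-2023-35116 for any artifact the scanner maps it to, not only jackson-databind; consider adding `<packageUrl regex="true">^pkg:maven/com.fasterxml.jackson.core/jackson-databind@.*$</packageUrl>` to it. Since the justification rests on a maintainer comment rather than a change to the CVE record, an `until` date on the `suppress` element would make the finding resurface for re-evaluation instead of staying hidden indefinitely.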