Apache/druid
1
0
Fork 0
mirror of https://github.com/apache/druid.git synced 2025-02-21 09:46:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Resolve CVE issues (#15814)

Browse Source 
* Resolve CVE issues

* Update license.yaml
This commit is contained in:
Vishesh Garg 2024-02-01 14:10:12 +05:30 committed by GitHub
parent 7d65caf0c5
commit 5de39c6251
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
licenses.yaml
View File

@ -191,7 +191,7 @@ name: AWS SDK for Java
license_category: binary license_category: binary
module: java-core module: java-core
license_name: Apache License version 2.0 license_name: Apache License version 2.0
version: 1.12.497 version: 1.12.638
libraries: libraries:
- com.amazonaws: aws-java-sdk-core - com.amazonaws: aws-java-sdk-core
- com.amazonaws: aws-java-sdk-ec2 - com.amazonaws: aws-java-sdk-ec2
@ -4632,7 +4632,7 @@ libraries:
name: com.amazonaws aws-java-sdk-bundle name: com.amazonaws aws-java-sdk-bundle
license_category: binary license_category: binary
version: 1.12.497 version: 1.12.638
module: druid-ranger-security module: druid-ranger-security
license_name: Apache License version 2.0 license_name: Apache License version 2.0
libraries: libraries:

21
owasp-dependency-check-suppressions.xml
View File

@ -643,4 +643,25 @@
<cve>CVE-2019-0210</cve> <cve>CVE-2019-0210</cve>
<cve>CVE-2020-13949</cve> <cve>CVE-2020-13949</cve>
</suppress> </suppress>
<suppress>
<notes><![CDATA[
FP per issue #6100 - CVE-2023-36052 since it is related to Azure-cli not to the azure-core libraries
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure*@*.*$</packageUrl>
<cve>CVE-2023-36052</cve>
</suppress>
<suppress>
<!-- CVE is for a totally unrelated Sketch mac app -->
<notes><![CDATA[
file name: sketches-java-0.8.2.jar
]]></notes>
<cve>CVE-2021-40531</cve>
</suppress>
<suppress>
<!-- CVE reports versions until 1.10.2 affected. The current version 1.11.1 is already greater and the latest. -->
<notes><![CDATA[
file name: azure-identity-1.11.1.jar
]]></notes>
<cve>CVE-2023-36415</cve>
</suppress>
</suppressions> </suppressions>

2
pom.xml
View File

@ -118,7 +118,7 @@
however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11. however it is required in some cases when running against mockito 4.x (mockito 4.x is required for Java <11.
We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) --> We use the following property to pick the proper artifact based on Java version (see pre-java-11 profile) -->
<mockito.inline.artifact>core</mockito.inline.artifact> <mockito.inline.artifact>core</mockito.inline.artifact>
<aws.sdk.version>1.12.497</aws.sdk.version> <aws.sdk.version>1.12.638</aws.sdk.version>
<caffeine.version>2.8.0</caffeine.version> <caffeine.version>2.8.0</caffeine.version>
<jacoco.version>0.8.7</jacoco.version> <jacoco.version>0.8.7</jacoco.version>
<hibernate-validator.version>6.2.5.Final</hibernate-validator.version> <hibernate-validator.version>6.2.5.Final</hibernate-validator.version>