mirror of https://github.com/apache/druid.git
Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)
Dependency on hadoop 2.8.5 is preventing us form updating this dependency to a later version. We don't believe that this is a major concern since Druid eats uncaught exceptions, and only displays them in logs. This issue also should only affect ingestion jobs, which can only be run by admin type users.
This commit is contained in:
parent
05d5dd9289
commit
73711a456a
|
@ -57,6 +57,19 @@
|
||||||
<cve>CVE-2020-12690</cve>
|
<cve>CVE-2020-12690</cve>
|
||||||
<cve>CVE-2020-12691</cve>
|
<cve>CVE-2020-12691</cve>
|
||||||
</suppress>
|
</suppress>
|
||||||
|
<suppress>
|
||||||
|
<!--
|
||||||
|
~ CVE-2021-27568:
|
||||||
|
~ dependency on hadoop 2.8.5 is blocking us from updating this dependency. Not a major concern since Druid
|
||||||
|
~ eats uncaught exceptions, and only displays them in logs. This issue also should only affect ingestion
|
||||||
|
~ jobs which can only be run by admin type users.
|
||||||
|
-->
|
||||||
|
<notes><![CDATA[
|
||||||
|
file name: json-smart-2.3.jar
|
||||||
|
]]></notes>
|
||||||
|
<packageUrl regex="true">^pkg:maven/net\.minidev/json\-smart@.*$</packageUrl>
|
||||||
|
<cve>CVE-2021-27568</cve>
|
||||||
|
</suppress>
|
||||||
|
|
||||||
|
|
||||||
<suppress>
|
<suppress>
|
||||||
|
|
Loading…
Reference in New Issue