Apache
/
druid
mirror of https://github.com/apache/druid.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Suppress CVE in libthrift (#11093)

This commit is contained in:
Suneet Saldanha 2021-04-12 18:13:42 -07:00 committed by GitHub
parent a6a2758095
commit c86178aaeb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
owasp-dependency-check-suppressions.xml
View File

@ -307,6 +307,13 @@
]]></notes>
<cve>CVE-2017-15288</cve>
</suppress>
<suppress until="2021-04-30">
<!-- Suppress this until https://github.com/apache/druid/issues/11028 is resolved. -->
<notes><![CDATA[
This vulnerability should be fixed soon and the suppression should be removed.
]]></notes>
<cve>CVE-2020-13949</cve>
</suppress>
<suppress>
<!-- (avro, parquet, integration-tests) we don't allow velocity templates to be uploaded by untrusted users -->