NIFI-11371 Upgraded Ranger from 2.3.0 to 2.4.0

- Updated Elasticsearch client false positive vulnerability suppressions for new Ranger transitive dependencies

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7109.
exceptionfactory 2023-04-01 18:02:38 -05:00 committed by Pierre Villard
parent e4f0508c90
commit 50cda9a2e6
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
2 changed files with 10 additions and 5 deletions


@ -106,17 +106,17 @@
</suppress>
<suppress>
<notes>Elasticsearch Server vulnerabilities do not apply to Elasticsearch Plugin</notes>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch\.plugin/.*?@7.6.0$</packageUrl>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch\.plugin/.*?@7.*$</packageUrl>
<cpe regex="true">^cpe:/a:elastic.*$</cpe>
</suppress>
<suppress>
<notes>Elasticsearch Server vulnerabilities do not apply to elasticsearch-core</notes>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch\-core@7.6.0$</packageUrl>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch\-core@7.*$</packageUrl>
<cpe regex="true">^cpe:/a:elastic.*$</cpe>
</suppress>
<suppress>
<notes>Elasticsearch Server vulnerabilities do not apply to elasticsearch</notes>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@7.6.0$</packageUrl>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@7.*$</packageUrl>
<cpe regex="true">^cpe:/a:elastic.*$</cpe>
</suppress>
<suppress>
@ -129,9 +129,14 @@
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch.*$</packageUrl>
<cve>CVE-2020-7014</cve>
</suppress>
<suppress>
<notes>CVE-2021-22145 applies to Elasticsearch Server not client libraries</notes>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch@.*$</packageUrl>
<vulnerabilityName>CVE-2021-22145</vulnerabilityName>
</suppress>
<suppress>
<notes>Elasticsearch Server vulnerabilities do not apply to elasticsearch libraries</notes>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch\-.*?@7.6.0$</packageUrl>
<packageUrl regex="true">^pkg:maven/org\.elasticsearch/elasticsearch\-.*?@7.*$</packageUrl>
<cpe regex="true">^cpe:/a:elastic.*$</cpe>
</suppress>
<suppress>
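Review bot: The widened version match `@7.*$` on the four changed `packageUrl` lines (plugin, elasticsearch-core, elasticsearch, and `elasticsearch\-.*?` in the second hunk) leaves the dot unescaped and, paired with `<cpe regex="true">^cpe:/a:elastic.*$</cpe>`, suppresses every Elastic CPE match for any version string starting with 7. That is presumably much broader than the versions Ranger 2.4.0 actually pulls in, so a later advisory that does affect a 7.x client jar would never surface in the scan. Prefer escaping and bounding the pattern, e.g. `^pkg:maven/org\.elasticsearch/elasticsearch\-core@7\.\d+\.\d+$`, or pinning it to the resolved version, and consider an `until="YYYY-MM-DDZ"` attribute (placeholder date) on these `<suppress>` entries so the blanket suppression is re-reviewed. The new CVE-2021-22145 entry also uses `<vulnerabilityName>` where the entry just above it uses `<cve>`; using one form throughout would make the file easier to audit.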


@ -119,7 +119,7 @@
<org.bouncycastle.version>1.71</org.bouncycastle.version>
<testcontainers.version>1.17.6</testcontainers.version>
<org.slf4j.version>2.0.7</org.slf4j.version>
<ranger.version>2.3.0</ranger.version>
<ranger.version>2.4.0</ranger.version>
<jetty.version>9.4.50.v20221201</jetty.version>
<jackson.bom.version>2.14.2</jackson.bom.version>
<avro.version>1.11.1</avro.version>