NIFI-10118 Upgraded OWASP Dependency Check from 7.1.0 to 7.1.1

This closes #6127

Signed-off-by: David Handermann <exceptionfactory@apache.org>
exceptionfactory 2022-06-14 15:51:22 -05:00
parent d298a3ab83
commit 6c6cb99b38
No known key found for this signature in database
GPG Key ID: 29B6A52D2AAE8DBA
2 changed files with 36 additions and 1 deletions


@ -59,4 +59,39 @@
<packageUrl regex="true">^pkg:maven/org\.apache\.twill/twill\-zookeeper@.*$</packageUrl> <packageUrl regex="true">^pkg:maven/org\.apache\.twill/twill\-zookeeper@.*$</packageUrl>
<cpe>cpe:/a:apache:zookeeper</cpe> <cpe>cpe:/a:apache:zookeeper</cpe>
</suppress> </suppress>
<suppress>
<notes>H2 1.4.200 is shaded and repackaged without vulnerable components in nifi-h2-database for migration</notes>
<packageUrl>pkg:maven/com.h2database/h2@1.4.200</packageUrl>
<vulnerabilityName regex="true">^CVE.*$</vulnerabilityName>
</suppress>
<suppress>
<notes>H2 2 is not vulnerable to CVE-2018-14335</notes>
<packageUrl regex="true">^pkg:maven/com\.h2database/h2@2.*$</packageUrl>
<vulnerabilityName>CVE-2018-14335</vulnerabilityName>
</suppress>
<suppress>
<notes>Jetty apache-jsp is not part of Apache Tomcat server</notes>
<packageUrl>pkg:maven/org.mortbay.jasper/apache-jsp@8.5.70</packageUrl>
<cpe>cpe:/a:apache:tomcat</cpe>
</suppress>
<suppress>
<notes>CVE-2016-1000027 does not apply to Spring Web 5.3.20 and later</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework/spring\-web@.*$</packageUrl>
<cve>CVE-2016-1000027</cve>
</suppress>
<suppress>
<notes>CVE-2020-5408 does not apply to Spring Security Crypto 5.7.1 and later</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-crypto@.*$</packageUrl>
<vulnerabilityName>CVE-2020-5408</vulnerabilityName>
</suppress>
<suppress>
<notes>Spring Security Kerberos Core is an extension of the Spring Security project</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security\.kerberos/spring\-security\-kerberos.*$</packageUrl>
<cpe>cpe:/a:vmware:spring_security</cpe>
</suppress>
<suppress>
<notes>Servlet API 2.5 does not include Jetty Server vulnerabilities</notes>
<packageUrl regex="true">^pkg:maven/org\.mortbay\.jetty/servlet\-api@.*$</packageUrl>
<cpe regex="true">^cpe:.*$</cpe>
</suppress>
</suppressions> </suppressions>
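Review bot: The Spring Web and Spring Security Crypto entries match every version through `@.*$`, while their notes justify the suppression only for 5.3.20 and later and for 5.7.1 and later, so an older copy pulled in transitively would be silenced too. Pinning each `packageUrl` to the version actually in use, as the H2 1.4.200 entry does, would keep the suppression as narrow as its stated reason. In the H2 2 entry the dot after the major version is unescaped, so `h2@2.*$` also matches any version that merely starts with 2; `^pkg:maven/com\.h2database/h2@2\..*$` is the stricter form. The servlet-api entry's `<cpe regex="true">^cpe:.*$</cpe>` hides every CPE match for that artifact at any version, and the H2 1.4.200 entry hides every CVE; both would be easier to revisit with an `until` date on the `<suppress>` element.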


@ -1245,7 +1245,7 @@
<plugin> <plugin>
<groupId>org.owasp</groupId> <groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId> <artifactId>dependency-check-maven</artifactId>
<version>7.1.0</version> <version>7.1.1</version>
<executions> <executions>
<execution> <execution>
<inherited>false</inherited> <inherited>false</inherited>