- Updated OWASP suppressions to exclude several JSON and Kafka false positives
- Excluded JUnit dependency from Hive 3 JDBC
This closes #7411
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Updated Elasticsearch client false positive vulnerability suppressions for new Ranger transitive dependencies
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #7109.
- Upgraded Ranger Hadoop dependencies from 3.3.3 to 3.3.5
- Aligned Iceberg Hadoop version with project Hadoop version
- Updated Atlas dependencies to align hadoop-hdfs-client version with hadoop-common
- Updated Ranger hadoop-auth version to align with other Hadoop dependencies
- Updated Spark Livy bundle to align with project Hadoop version
- Removed unnecessary dependencies from Hive Test Utilities
- Updated HBase 2 Woodstox Core from 5.3.0 to 5.4.0
- Suppressed false positive vulnerabilities for HBase client libraries
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #7097.
- Updated suppression configuration
- Upgraded Solr from 8.6.3 to 8.11.1 for Ranger
- Excluded Apache Ivy from Hive and Janus Graph dependencies
- Excluded Groovy from Hive tests
Signed-off-by: Joe Witt <joewitt@apache.org>
- Removed false positive suppressions no longer necessary in current version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6839.
- Removed non-applicable suppressions
- Added suppressions for Elasticsearch client libraries and other false positives
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6751.
- Replaced individual AWS SDK versions with root managed dependency version
- Set AWS SDK 1 version to 1.12.299
- Set AWS SDK 2 version to 2.17.270
- Suppressed false positive dependency vulnerability for aws-sdk-swf-libraries
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6405.
- Suppressed Apache Calcite vulnerabilities not applicable to Calcite Avatica subproject
- Suppressed HBase server vulnerabilities not applicable to client libraries
- Suppressed several mismatched product vulnerabilities
This closes #6290
Signed-off-by: Paul Grey <greyp@apache.org>
- Changed from com.github.shyiko to com.zendesk dependency group for current library version
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6302.
- Changed Maven profile from owasp to dependency-check
- Configured dependency check plugin to run in validate phase
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6100.
- Removed unnecessary suppression configurations due to detection improvements
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #6004.
- Adjusted OWASP dependency-check suppressions to match Registry and MiNiFi packages
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes #5431.
- Suppressed false positive for ftpserver
- Suppressed false positive for com.metamx:http-client
- Suppressed false positive for Jetty servlet-api
- Suppressed false positive for Testcontainers MySQL
- Suppressed false positive for vorbis-java-tika
This closes #5384
Signed-off-by: Joe Gresock <jgresock@gmail.com>