HazelCast 5.3.2 and OWASP Suppressions (primefaces#10841)
melloware authored Oct 17, 2023
1 parent 8393ecd commit 4780cde
Showing 2 changed files with 15 additions and 5 deletions.
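--- a/primefaces/pom.xml
+++ b/primefaces/pom.xml
@@ -202,7 +202,7 @@
 <dependency>
 <groupId>com.hazelcast</groupId>
 <artifactId>hazelcast</artifactId>
-<version>5.3.0</version>
+<version>5.3.2</version>
 <scope>provided</scope>
 </dependency>
 <dependency>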
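--- a/primefaces/src/conf/owasp-suppressions.xml
+++ b/primefaces/src/conf/owasp-suppressions.xml
@@ -22,19 +22,29 @@
 <packageUrl regex="true">^pkg:maven/org\.apache\.tomee/javaee\-api@.*$</packageUrl>
 <cpe>cpe:/a:apache:tomee</cpe>
 </suppress>
+<suppress>
+<notes><![CDATA[file name: json-20231013.jar]]></notes>
+<packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
+<cpe>cpe:/a:json-java_project:json-java</cpe>
+</suppress>
 <suppress>
 <notes><![CDATA[file name: javaee-api-8.0-5.jar (shaded: org.apache.geronimo.specs:geronimo-ws-metadata_2.0_spec:1.1.3)]]></notes>
 <packageUrl regex="true">^pkg:maven/org\.apache\.geronimo\.specs/geronimo\-ws\-metadata_2\.0_spec@.*$</packageUrl>
 <cve>CVE-2021-41568</cve>
 </suppress>
 <suppress>
-<notes><![CDATA[file name: hazelcast-5.3.0.jar (shaded: org.json:json:20230227)]]></notes>
-<packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
-<cpe>cpe:/a:json-java_project:json-java</cpe>
+<notes><![CDATA[file name: hazelcast-5.3.2.jar]]></notes>
+<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast@.*$</packageUrl>
+<cpe>cpe:/a:hazelcast:hazelcast</cpe>
 </suppress>
 <suppress>
-<notes><![CDATA[file name: hazelcast-5.3.0.jar (shaded: org.json:json:20230227)]]></notes>
+<notes><![CDATA[file name: hazelcast-5.3.2.jar (shaded: org.json:json:20230227)]]></notes>
 <packageUrl regex="true">^pkg:maven/org\.json/json@.*$</packageUrl>
 <vulnerabilityName>CVE-2023-5072</vulnerabilityName>
 </suppress>
+<suppress>
+<notes><![CDATA[file name: hazelcast-5.3.2.jar]]></notes>
+<packageUrl regex="true">^pkg:maven/com\.hazelcast/hazelcast@.*$</packageUrl>
+<vulnerabilityName>CVE-2023-45860</vulnerabilityName>
+</suppress>
 </suppressions>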
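Review bot: The new entry that pairs `^pkg:maven/com\.hazelcast/hazelcast@.*$` with `<cpe>cpe:/a:hazelcast:hazelcast</cpe>` silences every finding the scanner maps to that CPE, for any Hazelcast version, current or future. It also appears to make the separate CVE-2023-45860 entry at the end of the file redundant. The added org.json entry with `<cpe>cpe:/a:json-java_project:json-java</cpe>` has the same breadth. The `<notes>` on all three new entries record only a jar file name, so a later reader cannot tell whether a finding was judged a false positive or an accepted risk (the pom.xml change shows the dependency is `provided` scope, which may be the reasoning, but nothing says so). I would keep only per-CVE suppressions, anchor the purl to the reviewed version (`@5\.3\.2$` instead of `@.*$`), state the reason in the note, and add an expiry so the decision is revisited, for example `<suppress until="2024-04-17Z">` (date is an illustration) with `<notes><![CDATA[hazelcast-5.3.2.jar: REASON-FINDING-DOES-NOT-APPLY]]></notes>`.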
