Skip to content

Commit

Permalink
Resolve CVEs: Upgrade jetty version and suppress azure cve (#17385)
Browse files Browse the repository at this point in the history
  • Loading branch information
findingrish authored Nov 15, 2024
1 parent 75d9ece commit 7f335ff
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion licenses.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2065,7 +2065,7 @@ name: Jetty
license_category: binary
module: java-core
license_name: Apache License version 2.0
version: 9.4.54.v20240208
version: 9.4.56.v20240826
libraries:
- org.eclipse.jetty: jetty-client
- org.eclipse.jetty: jetty-continuation
Expand Down
5 changes: 3 additions & 2 deletions owasp-dependency-check-suppressions.xml
Original file line number Diff line number Diff line change
Expand Up @@ -649,10 +649,12 @@
</suppress>
<suppress>
<notes><![CDATA[
FP per issue #6100 - CVE-2023-36052 since it is related to Azure-cli not to the azure-core libraries
FP per issue #6100 - CVE-2023-36052 since it is related to azure-cli not to the azure-core libraries
CVE-2024-43591 is also related to azure-cli
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.azure/azure*@*.*$</packageUrl>
<cve>CVE-2023-36052</cve>
<cve>CVE-2024-43591</cve>
</suppress>
<suppress>
<!-- CVE is for a totally unrelated Sketch mac app -->
Expand Down Expand Up @@ -745,5 +747,4 @@
]]></notes>
<vulnerabilityName>CVE-2024-45772</vulnerabilityName>
</suppress>

</suppressions>
2 changes: 1 addition & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@
<guava.version>32.0.1-jre</guava.version>
<guice.version>4.1.0</guice.version>
<hamcrest.version>1.3</hamcrest.version>
<jetty.version>9.4.54.v20240208</jetty.version>
<jetty.version>9.4.56.v20240826</jetty.version>
<jersey.version>1.19.4</jersey.version>
<jackson.version>2.12.7.20221012</jackson.version>
<codehaus.jackson.version>1.9.13</codehaus.jackson.version>
Expand Down

0 comments on commit 7f335ff

Please sign in to comment.