natas_hw
/
cassandra
mirror of https://github.com/apache/cassandra
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade to OWASP 8.3.1 

Patch by brandonwilliams; reviewed by edimitrova for CASSANDRA-18650
This commit is contained in:
Brandon Williams 2023-07-06 15:50:26 -05:00
parent 7150cc5b99
commit 493d15fffa
3 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.build/build-owasp.xml
View File

@ -17,7 +17,7 @@
~ limitations under the License. ~ limitations under the License.
--> -->
<project basedir="." name="apache-cassandra-owasp-tasks"> <project basedir="." name="apache-cassandra-owasp-tasks">
<property name="dependency-check.version" value="6.3.2"/> <property name="dependency-check.version" value="8.3.1"/>
<property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/> <property name="dependency-check.home" value="${build.dir}/dependency-check-ant-${dependency-check.version}"/>
<condition property="is.dependency.check.jar"> <condition property="is.dependency.check.jar">

10
.build/dependency-check-suppressions.xml
View File

@ -116,6 +116,14 @@
<cve>CVE-2018-11798</cve> <cve>CVE-2018-11798</cve>
<cve>CVE-2019-0205</cve> <cve>CVE-2019-0205</cve>
</suppress> </suppress>
<suppress>
<packageUrl regex="true">^pkg:maven/com\.thinkaurelius\.thrift/thrift-server@.*$</packageUrl>
<cve>CVE-2015-3254</cve>
<cve>CVE-2016-5397</cve>
<cve>CVE-2018-1320</cve>
<cve>CVE-2018-11798</cve>
<cve>CVE-2019-0205</cve>
</suppress>
<!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 --> <!-- https://issues.apache.org/jira/browse/CASSANDRA-16056 -->
<!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 --> <!-- https://issues.apache.org/jira/browse/CASSANDRA-15416 -->
@ -138,6 +146,8 @@
<suppress> <suppress>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl> <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve> <cve>CVE-2023-35116</cve>
<cve>CVE-2022-42003</cve>
<cve>CVE-2022-42004</cve>
</suppress> </suppress>
</suppressions> </suppressions>

1
CHANGES.txt
View File

@ -1,4 +1,5 @@
3.0.30 3.0.30
* Upgrade OWASP to 8.3.1 (CASSANDRA-18650)
* Suppress CVE-2023-34462 (CASSANDRA-18649) * Suppress CVE-2023-34462 (CASSANDRA-18649)
* Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555) * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)
* Suppress CVE-2023-35116 (CASSANDRA-18630) * Suppress CVE-2023-35116 (CASSANDRA-18630)