Remove unused suppressions

Patch by brandonwilliams; reviewed by adelapena and edimitrova for CASSANDRA-18724
2023-08-04 08:30:42 -05:00 · 2023-08-04 08:30:42 -05:00 · 5c4dd3b993
parent 39db44adff
commit 5c4dd3b993
2 changed files with 1 additions and 44 deletions
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@ -62,25 +62,6 @@
        <cve>CVE-2023-34462</cve>
    </suppress>

-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-14183 -->
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
-        <cve>CVE-2017-5929</cve>
-    </suppress>
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
-        <cve>CVE-2017-5929</cve>
-    </suppress>
-
-    <!-- this was fixed in 3.0.22 -->
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl>
-        <cve>CVE-2019-2684</cve>
-        <cve>CVE-2020-13946</cve>
-        <cve>CVE-2020-17516</cve>
-        <cve>CVE-2021-44521</cve>
-    </suppress>
-
    <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 -->
    <suppress>
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
@ -89,24 +70,6 @@
        <cve>CVE-2023-2976</cve>
    </suppress>

-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-18146 -->
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.commons.*$</packageUrl>
-        <cve>CVE-2021-37533</cve>
-    </suppress>
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/commons-io/.*$</packageUrl>
-        <cve>CVE-2021-37533</cve>
-    </suppress>
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/commons-cli/.*$</packageUrl>
-        <cve>CVE-2021-37533</cve>
-    </suppress>
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/commons-codec/.*$</packageUrl>
-        <cve>CVE-2021-37533</cve>
-    </suppress>
-
    <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 -->
    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl>
@ -142,12 +105,5 @@
        <cve>CVE-2019-16335</cve>
        <cve>CVE-2019-17267</cve>
    </suppress>
-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-18630 -->
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
-        <cve>CVE-2023-35116</cve>
-	<cve>CVE-2022-42003</cve>
-	<cve>CVE-2022-42004</cve>
-    </suppress>

 </suppressions>
--- a/CHANGES.txt
+++ b/CHANGES.txt
@ -1,4 +1,5 @@
 3.0.30
+ * Remove unused suppressions (CASSANDRA-18724)
 * Upgrade OWASP to 8.3.1 (CASSANDRA-18650)
 * Suppress CVE-2023-34462 (CASSANDRA-18649)
 * Add support for AWS Ec2 IMDSv2 (CASSANDRA-16555)