mirror of
https://github.com/corda/corda.git
synced 2024-12-24 07:06:44 +00:00
Merge pull request #7289 from corda/ritu_tmp_SNYK_waivers_remaining
NOTICK: Remaining snyk waivers updated for Corda OS 4.10
commit b8400b0e99
29
.snyk
@ -196,4 +196,33 @@ ignore:
|
|||||||
they are not susceptible.
|
they are not susceptible.
|
||||||
expires: 2023-03-28T11:40:29.871Z
|
expires: 2023-03-28T11:40:29.871Z
|
||||||
created: 2022-12-29T11:40:29.896Z
|
created: 2022-12-29T11:40:29.896Z
|
||||||
|
SNYK-JAVA-ORGYAML-3152153:
|
||||||
|
- '*':
|
||||||
|
reason: >-
|
||||||
|
There is a transitive dependency on snakeyaml from the third party
|
||||||
|
components jackson-dataformat-yaml and liquidbase-core. The
|
||||||
|
jackson-dataformat-yaml component does not use the snakeyaml
|
||||||
|
databinding layer. For liquidbase we use xml in the changelog files
|
||||||
|
not yaml. So given this Corda is not susceptible to this
|
||||||
|
vulnerability.Cordapp authors should exercise their own judgment if
|
||||||
|
using this library directly in their cordapp.
|
||||||
|
expires: 2023-03-03T11:35:04.385Z
|
||||||
|
created: 2023-01-04T11:35:04.414Z
|
||||||
|
SNYK-JAVA-IONETTY-3167773:
|
||||||
|
- '*':
|
||||||
|
reason: >-
|
||||||
|
Corda does not use Netty HTTP (and does not use HTTP in the P2P
|
||||||
|
protocol) . This is a transitive dependency of Netty comms library,
|
||||||
|
but it is not used in Corda, which uses a custom binary protocol
|
||||||
|
secured by mutually authenticated TLS. The vulnerability relating to
|
||||||
|
HTTP Response splitting is not exposed.
|
||||||
|
expires: 2023-03-03T11:40:51.456Z
|
||||||
|
created: 2023-01-04T11:40:51.467Z
|
||||||
|
SNYK-JAVA-COMH2DATABASE-3146851:
|
||||||
|
- '*':
|
||||||
|
reason: >-
|
||||||
|
Corda does not make use of the H2 web admin console, so it not
|
||||||
|
susceptible to this reported vulnerability
|
||||||
|
expires: 2023-03-03T11:45:11.295Z
|
||||||
|
created: 2023-01-04T11:45:11.322Z
|
||||||
patch: {}
|
patch: {}
|
||||||
|
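Review bot: All three new entries (SNYK-JAVA-ORGYAML-3152153, SNYK-JAVA-IONETTY-3167773 and SNYK-JAVA-COMH2DATABASE-3146851) are ignored on the path `'*'`, which waives the finding on every dependency path, while the reasons only justify specific uses. The snakeyaml reason, for instance, covers just the transitive paths through jackson-dataformat-yaml and liquidbase-core. Consider scoping each ignore to the dependency paths its reason actually covers, so that a new path to the same library is reported rather than silently waived until the `expires` date. The reason text also needs a pass: "liquidbase" should read "liquibase", "vulnerability.Cordapp" is missing a space, and "so it not susceptible" is missing "is". The H2 reason would be easier to audit if it said how the web admin console is kept out of use, since the whole waiver rests on that one statement.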