ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-19 04:57:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
79c834d890
corda/.ci/dependency-checker/suppressedLibraries.xml
bpaunescu 04d8260e0f CORDA-351: force update dependencies and suppress vulnerabilities not… (#1944) 
* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda

* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda
2017-10-26 12:16:57 +01:00

32 lines
1.3 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8" ?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<!-- Example of a suppressed library -->
<!-- The suppress node can be generated from the HTML report by using the 'suppress' option for each vulnerability found
<suppress>
<notes><![CDATA[
file name: some.jar
]]></notes>
<sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>
<cpe>cpe:/a:apache:struts:2.0.0</cpe>
</suppress>
-->
<suppress>
<!-- Vulnerability when using SSLv2 Hello messages. Corda uses TLS1.2-->
<notes><![CDATA[file name: catalyst-netty-1.1.2.jar]]></notes>
<gav regex="true">^io\.atomix\.catalyst:catalyst-netty:.*$</gav>
<cve>CVE-2014-3488</cve>
</suppress>
<suppress>
<!-- Vulnerability to LDAP poisoning attacks. Corda doesn't use LDAP-->
<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
<gav regex="true">^commons-cli:commons-cli:.*$</gav>
<cve>CVE-2016-6497</cve>
</suppress>
<suppress>
<!-- Java objects serialization disabled in Corda -->
<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
<gav regex="true">^commons-cli:commons-cli:.*$</gav>
<cve>CVE-2015-3253</cve>
</suppress>
</suppressions>
Reference in New Issue View Git Blame Copy Permalink