mirror of
https://github.com/corda/corda.git
synced 2024-12-24 15:16:45 +00:00
04d8260e0f
* CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda * CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda
32 lines
1.3 KiB
XML
32 lines
1.3 KiB
XML
<?xml version="1.0" encoding="UTF-8" ?>
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
|
|
<!-- Example of a suppressed library -->
|
|
<!-- The suppress node can be generated from the HTML report by using the 'suppress' option for each vulnerability found
|
|
<suppress>
|
|
<notes><![CDATA[
|
|
file name: some.jar
|
|
]]></notes>
|
|
<sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>
|
|
<cpe>cpe:/a:apache:struts:2.0.0</cpe>
|
|
</suppress>
|
|
-->
|
|
<suppress>
|
|
<!-- Vulnerability when using SSLv2 Hello messages. Corda uses TLS1.2-->
|
|
<notes><![CDATA[file name: catalyst-netty-1.1.2.jar]]></notes>
|
|
<gav regex="true">^io\.atomix\.catalyst:catalyst-netty:.*$</gav>
|
|
<cve>CVE-2014-3488</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- Vulnerability to LDAP poisoning attacks. Corda doesn't use LDAP-->
|
|
<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
|
|
<gav regex="true">^commons-cli:commons-cli:.*$</gav>
|
|
<cve>CVE-2016-6497</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- Java objects serialization disabled in Corda -->
|
|
<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
|
|
<gav regex="true">^commons-cli:commons-cli:.*$</gav>
|
|
<cve>CVE-2015-3253</cve>
|
|
</suppress>
|
|
</suppressions>
|