Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
authzforce
core
Commits
81d7d0c6
Commit
81d7d0c6
authored
Jul 12, 2018
by
cdanger
Browse files
Fixed CVE issue on spring-core
parent
f27ebd3b
Changes
4
Hide whitespace changes
Inline
Side-by-side
owasp-dependency-check-suppression.xml
View file @
81d7d0c6
...
...
@@ -10,4 +10,13 @@
<cve>
CVE-2007-6059
</cve>
<cve>
CVE-2015-9097
</cve>
</suppress>
</suppressions>
\ No newline at end of file
<suppress>
<notes>
<![CDATA[
file name: spring-core-4.3.17.RELEASE.jar,
false positive for CVE-2018-1258
]]>
</notes>
<gav>
org.springframework:spring-core:4.3.17.RELEASE
</gav>
<cve>
CVE-2018-1258
</cve>
</suppress>
</suppressions>
pdp-engine/pom.xml
View file @
81d7d0c6
...
...
@@ -31,9 +31,6 @@
etc. -->
<groupId>
org.springframework
</groupId>
<artifactId>
spring-core
</artifactId>
<!-- Mitigation for CVE-2018-1257, CVE-2018-1258, CVE-2018-1275, CVE-2018-1271, CVE-2018-1270, CVE-2018-1272.
TODO: fix it in authzforce-ce-parent's managed version -->
<version>
4.3.17.RELEASE
</version>
</dependency>
<dependency>
<!-- For loading XML schemas with OASIS catalog (CatalogManager) -->
...
...
pdp-testutils/owasp-dependency-check-suppression.xml
View file @
81d7d0c6
...
...
@@ -10,4 +10,13 @@
<cve>
CVE-2007-6059
</cve>
<cve>
CVE-2015-9097
</cve>
</suppress>
</suppressions>
\ No newline at end of file
<suppress>
<notes>
<![CDATA[
file name: spring-core-4.3.17.RELEASE.jar,
false positive for CVE-2018-1258
]]>
</notes>
<gav>
org.springframework:spring-core:4.3.17.RELEASE
</gav>
<cve>
CVE-2018-1258
</cve>
</suppress>
</suppressions>
pom.xml
View file @
81d7d0c6
...
...
@@ -36,6 +36,13 @@
<version>
15.2.0
</version>
</dependency>
<!-- /AuthzForce dependencies -->
<dependency>
<groupId>
org.springframework
</groupId>
<artifactId>
spring-core
</artifactId>
<!-- Mitigation for CVE-2018-1257, CVE-2018-1258, CVE-2018-1275, CVE-2018-1271, CVE-2018-1270, CVE-2018-1272.
TODO: fix it in authzforce-ce-parent's managed version -->
<version>
4.3.17.RELEASE
</version>
</dependency>
<!-- Test dependencies -->
<dependency>
<groupId>
junit
</groupId>
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment