Commit c9a58110 authored by cdanger's avatar cdanger

- added dependency-check false positive on logback-ext-spring

- changed authzforce dependency versions:
	- parent: 7.3.0
	- core: 13.2.0
	- core-pap-api: 9.2.0
	- pap-dao-flat-file: 10.0.0
	- jaxrs-utils: 1.2.0
	- tomcat used for tests: 8.5.30 (Ubuntu 18.0.4LTS version)
parent afaf0dc8
......@@ -4,7 +4,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.2.0</version>
<version>7.3.0</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
......@@ -15,10 +15,10 @@
<url>${project.url}</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>10.1.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>9.1.0</authzforce-ce-core-pap-api.version>
<authzforce-ce-core.version>13.2.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>9.2.0</authzforce-ce-core-pap-api.version>
<!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
<authzforce-ce-pap-dao-flat-file.version>9.1.0</authzforce-ce-pap-dao-flat-file.version>
<authzforce-ce-pap-dao-flat-file.version>10.0.0</authzforce-ce-pap-dao-flat-file.version>
<productId>authzforce-ce-server</productId>
<productName>AuthzForce CE Server</productName>
<productMaintainer>Thales Services SAS</productMaintainer>
......
......@@ -39,7 +39,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-jaxrs-utils</artifactId>
<version>1.1.0</version>
<version>1.2.0</version>
</dependency>
</dependencies>
<build>
......
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<!-- "cxf-core" module is available starting from CXF 3.0.0. In CXF 2.7.x or earlier use "cxf-rt-core".
Because of this recent change, the old CVE below is wrongly matched.
More info: http://cxf.apache.org/docs/featureslist.html
-->
<notes><![CDATA[
file name: cxf-core-3.1.8.jar
]]></notes>
<gav regex="true">^org\.apache\.cxf:cxf-core:.*$</gav>
<cve>CVE-2012-5786</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar
......@@ -19,4 +8,11 @@
<gav regex="true">^com\.sun\.mail:mailapi:.*$</gav>
<cve>CVE-2007-6059</cve>
</suppress>
<suppress>
<notes><![CDATA[
false positive: logback-ext-spring-0.1.5.jar (cpe:/a:logback:logback:0.1.5, org.logback-extensions:logback-ext-spring:0.1.5) : CVE-2017-5929
]]></notes>
<gav regex="true">org\.logback-extensions:logback-ext-spring:.*</gav>
<cve>CVE-2017-5929</cve>
</suppress>
</suppressions>
\ No newline at end of file
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment