Commit f469f22b authored by cdanger's avatar cdanger

- Fixed CVEs reported by dependency-check plugin

parent 4b4f3e2f
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
<suppress>
<notes><![CDATA[
file name: javax.ws.rs-api-2.1.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/1077
]]></notes>
<cpe>javax.ws.rs:javax.ws.rs-api:2.1</cpe>
<cve>CVE-2015-4345</cve>
</suppress>
</suppressions>
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar,
false positive reported: https://github.com/jeremylong/DependencyCheck/issues/912
]]></notes>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:sun:javamail</cpe>
<cve>CVE-2007-6059</cve>
<cve>CVE-2015-9097</cve>
</suppress>
</suppressions>
\ No newline at end of file
......@@ -67,27 +67,6 @@
</execution>
</executions>
</plugin>
<!-- <plugin> -->
<!-- Compute timestamp to be used in org.ow2.authzforce.server.product.properties. We cannot use Maven property 'maven.build.timestamp.format' because already used to compute 'currentYear' property
inherited from authzforce-ce-parent, with a different format, so we use a plugin. -->
<!-- <groupId>org.codehaus.mojo</groupId> -->
<!-- <artifactId>buildnumber-maven-plugin</artifactId> -->
<!-- <version>1.3</version> -->
<!-- <executions> -->
<!-- <execution> -->
<!-- <id>set-current-date-property</id> -->
<!-- <phase>initialize</phase> -->
<!-- <goals> -->
<!-- <goal>create-timestamp</goal> -->
<!-- </goals> -->
<!-- <configuration> -->
<!-- <timezone>UTC</timezone> -->
<!-- <timestampPropertyName>build.date</timestampPropertyName> -->
<!-- <timestampFormat>yyyy-MM-dd</timestampFormat> -->
<!-- </configuration> -->
<!-- </execution> -->
<!-- </executions> -->
<!-- </plugin> -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
......
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress>
<notes><![CDATA[
file name: mailapi-1.5.6.jar
]]></notes>
<gav regex="true">^com\.sun\.mail:mailapi:.*$</gav>
<cve>CVE-2007-6059</cve>
</suppress>
<suppress>
<notes><![CDATA[
false positive: logback-ext-spring-0.1.5.jar (cpe:/a:logback:logback:0.1.5, org.logback-extensions:logback-ext-spring:0.1.5) : CVE-2017-5929
]]></notes>
<gav regex="true">org\.logback-extensions:logback-ext-spring:.*</gav>
<cve>CVE-2017-5929</cve>
</suppress>
<!-- <suppress> -->
<!-- <notes><![CDATA[ -->
<!-- false positive: logback-ext-spring-0.1.5.jar (cpe:/a:logback:logback:0.1.5, org.logback-extensions:logback-ext-spring:0.1.5) : CVE-2017-5929
Reported: https://github.com/jeremylong/DependencyCheck/issues/1680
-->
<!-- ]]></notes> -->
<!-- <gav regex="true">org\.logback-extensions:logback-ext-spring:.*</gav> -->
<!-- <cve>CVE-2017-5929</cve> -->
<!-- </suppress> -->
</suppressions>
\ No newline at end of file
......@@ -100,7 +100,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>authzforce-ce-server-rest-service</artifactId>
<version>8.0.2-SNAPSHOT</version>
<version>${project.parent.version}</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment