Skip to content

Commit

Permalink
suppressions.xml
Browse files Browse the repository at this point in the history
  • Loading branch information
@lumber1000
lumber1000 committed Sep 5, 2024
1 parent 0a186f7 commit 331aa96
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 6 deletions.
8 changes: 2 additions & 6 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,12 +83,6 @@ subprojects {
exclude module: 'sailfish-core'
exclude module: 'sailfish-common'
}

configureEach.resolutionStrategy.dependencySubstitution {
substitute(module('org.apache.mina:mina-core:2.0.21'))
.using(module('org.apache.mina:mina-core:2.0.25'))
.because("vulnerability in transitive dependency in transitive dependency of sailfish 3.3.241")
}
}

dependencies {
Expand Down Expand Up @@ -170,6 +164,8 @@ subprojects {
}

dependencyCheck {
suppressionFile = file('suppressions.xml')

formats=['SARIF', 'JSON', 'HTML']
failBuildOnCVSS=5

Expand Down
9 changes: 9 additions & 0 deletions suppressions.xml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[Suppress CVE-2021-41973 (vulnerability in HTTP Header decoder) in Apache MINA because MINA's HTTP Header decoder is not used in this project]]>
</notes>
<filePath regex="true">.*/apache-mina-core-2.0.21.2.jar</filePath>
<cve>CVE-2021-41973</cve>
</suppress>
</suppressions>

0 comments on commit 331aa96

Please sign in to comment.