55 lines
2.0 KiB
XML
55 lines
2.0 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
|
|
<suppress>
|
|
<!-- ZOOKEEPER-3217 -->
|
|
<cve>CVE-2018-8088</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- ZOOKEEPER-3262 -->
|
|
<cve>CVE-2018-8012</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- ZOOKEEPER-3262 -->
|
|
<cve>CVE-2016-5017</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- https://github.com/jeremylong/DependencyCheck/issues/1653
|
|
False positive on Netty 4.x-->
|
|
<cve>CVE-2018-12056</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- Seems like false positive - we are not using Prometheus
|
|
2.x, rather the client which lastest is 0.6. at the time of
|
|
this writing -->
|
|
<cve>CVE-2019-3826</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- false positive for us, it is about log4j server in log4j-1.2.17.jar
|
|
ZOOKEEPER-3677 -->
|
|
<cve>CVE-2019-17571</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL now, we can't fix this unless we
|
|
upgrade to log4j 2. See ZOOKEEPER-3817 -->
|
|
<cve>CVE-2020-9488</cve>
|
|
</suppress>
|
|
</suppressions>
|