Rdcc 3945 CVE fix (#235)
* removed suppressions as cves no longer persist



Co-authored-by: LukeHalsall <luke.halsall@HMCTS.net>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: shivajilokare <shivaji.lokare@HCTS.NET>
4 people authored Feb 9, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent b510899 commit cff3800
Showing 2 changed files with 2 additions and 28 deletions.
2 changes: 1 addition & 1 deletion build.gradle
@@ -13,7 +13,7 @@ plugins {
id 'io.spring.dependency-management' version '1.0.11.RELEASE'
id 'org.sonarqube' version '3.3'
id 'org.springframework.boot' version '2.4.12'
id "org.flywaydb.flyway" version "8.2.3"
id "org.flywaydb.flyway" version "8.3.0"
id "io.freefair.lombok" version "5.3.3.3"
id 'uk.gov.hmcts.java' version '0.12.12'
id 'au.com.dius.pact' version '4.1.7'
28 changes: 1 addition & 27 deletions config/owasp/suppressions.xml
@@ -1,36 +1,10 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
file name: spring-security*.jar
]]></notes>
<packageUrl regex="true">^pkg:maven*.*$</packageUrl>
<cve>CVE-2018-1258</cve>
</suppress>
<suppress until="2022-01-05">
<notes><![CDATA[
file name: oauth2-oidc-sdk-7.1.1.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.nimbusds/oauth2\-oidc\-sdk@.*$</packageUrl>
<cve>CVE-2007-1651</cve>
<cve>CVE-2007-1652</cve>
</suppress>
<suppress until="2022-05-16">
<suppress until="2022-12-16">
<notes><![CDATA[
file name: lang-tag-1.4.4.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.nimbusds/lang\-tag@.*$</packageUrl>
<cve>CVE-2020-29242</cve>
<cve>CVE-2020-29243</cve>
<cve>CVE-2020-29244</cve>
<cve>CVE-2020-29245</cve>
<cve>CVE-2020-23171</cve>
</suppress>
<suppress until="2022-05-16">
<notes><![CDATA[
file name: jakarta.el-3.0.3.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.glassfish/jakarta\.el@.*$</packageUrl>
<cve>CVE-2021-28170</cve>
</suppress>
</suppressions>
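Review bot: The single added line, `<suppress until="2022-12-16">`, appears to extend a suppression's expiry from 2022-05-16, although the commit message only mentions removals. Judging by the line counts, the surviving entry is probably the jakarta.el one for CVE-2021-28170, and its `<notes>` hold only a file name. I would record in the notes why the finding is accepted, or which ticket tracks the upgrade, for example `file name: jakarta.el-3.0.3.jar - reason: <justification or ticket id>`, so the next reviewer can judge the extension when it expires. The `packageUrl` pattern also ends in `@.*$`, so it matches every version. Pinning it to the version named in the notes, `^pkg:maven/org\.glassfish/jakarta\.el@3\.0\.3$`, would let the scanner report again if a different affected version is pulled in.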
