Skip to content

Commit

Permalink
Downgrade owasp for jenkins
Browse files Browse the repository at this point in the history
  • Loading branch information
Nikola Naydenov committed Oct 1, 2020
1 parent d21c47e commit b8eb016
Show file tree
Hide file tree
Showing 2 changed files with 58 additions and 4 deletions.
8 changes: 4 additions & 4 deletions build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ plugins {
id 'java'
id 'jacoco'
id 'io.spring.dependency-management' version '1.0.9.RELEASE' apply false
id 'org.owasp.dependencycheck' version '6.0.2'
id 'org.owasp.dependencycheck' version '5.3.2.1'
id 'org.sonarqube' version '2.6.2'
id 'org.springframework.boot' version '2.2.10.RELEASE' apply false
id 'com.gorylenko.gradle-git-properties' version '1.4.21'
Expand Down Expand Up @@ -79,12 +79,12 @@ allprojects {
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-resource-server'
implementation group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis-reactive'
implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.2.3.RELEASE'
implementation group: 'org.springframework.session', name: 'spring-session-data-redis', version: '2.2.4.RELEASE'

implementation group: 'io.github.openfeign', name: 'feign-jackson', version: '10.11'
implementation group: 'io.github.openfeign', name: 'feign-okhttp', version: '10.11'
implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '2.2.3.RELEASE'
implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-zuul', version: '2.2.3.RELEASE') {
implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '2.2.5.RELEASE'
implementation(group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-zuul', version: '2.2.5.RELEASE') {
exclude(module: 'rxnetty-contexts')
exclude(module: 'rxnetty-servo')
exclude(module: 'rxnetty')
Expand Down
54 changes: 54 additions & 0 deletions dependency-check-suppressions.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,60 @@
<cve>CVE-2019-16370</cve>
</suppress>

<suppress>
<notes>
TODO: fix these: suppress some netflix CVEs to deploy a hotfix
</notes>
<gav regex="true">^com\.netflix\.servo:servo-core:0\.10\.1$</gav>
<cve>CVE-2014-0047</cve>
<cve>CVE-2014-0048</cve>
<cve>CVE-2014-5277</cve>
<cve>CVE-2014-5278</cve>
<cve>CVE-2014-5282</cve>
<cve>CVE-2014-6407</cve>
<cve>CVE-2014-8178</cve>
<cve>CVE-2014-8179</cve>
<cve>CVE-2014-9356</cve>
<cve>CVE-2014-9358</cve>
<cve>CVE-2015-3627</cve>
<cve>CVE-2015-3630</cve>
<cve>CVE-2015-3631</cve>
<cve>CVE-2016-3697</cve>
<cve>CVE-2017-14992</cve>
<cve>CVE-2019-13139</cve>
<cve>CVE-2019-13509</cve>
<cve>CVE-2019-15752</cve>
<cve>CVE-2019-16884</cve>
<cve>CVE-2019-5736</cve>
</suppress>

<suppress>
<notes>
TODO: fix these: suppress some netflix CVEs to deploy a hotfix
</notes>
<gav regex="true">^com\.netflix\.servo:servo-internal:0\.10\.1$</gav>
<cve>CVE-2014-0047</cve>
<cve>CVE-2014-0048</cve>
<cve>CVE-2014-5277</cve>
<cve>CVE-2014-5278</cve>
<cve>CVE-2014-5282</cve>
<cve>CVE-2014-6407</cve>
<cve>CVE-2014-8178</cve>
<cve>CVE-2014-8179</cve>
<cve>CVE-2014-9356</cve>
<cve>CVE-2014-9358</cve>
<cve>CVE-2015-3627</cve>
<cve>CVE-2015-3630</cve>
<cve>CVE-2015-3631</cve>
<cve>CVE-2016-3697</cve>
<cve>CVE-2017-14992</cve>
<cve>CVE-2019-13139</cve>
<cve>CVE-2019-13509</cve>
<cve>CVE-2019-15752</cve>
<cve>CVE-2019-16884</cve>
<cve>CVE-2019-5736</cve>
</suppress>

<!--
This dependency is a transitional dependency of spring-security-oauth2-client,
as such could only be exploited by developers.
Expand Down

0 comments on commit b8eb016

Please sign in to comment.