ZOOKEEPER-3817: suppress log4j SmtpAppender related CVE-2020-9488

Author: Mate Szalay-Beko <symat@apache.org>

Reviewers: Enrico Olivelli <eolivelli@apache.org>

Closes #1346 from symat/ZOOKEEPER-3817
Mate Szalay-Beko 5 years ago
parent
commit
f6b54a6cd2
1 changed files with 5 additions and 0 deletions
+ 5 - 0
owaspSuppressions.xml

@@ -46,4 +46,9 @@
            ZOOKEEPER-3677 -->
            ZOOKEEPER-3677 -->
       <cve>CVE-2019-17571</cve>
       <cve>CVE-2019-17571</cve>
    </suppress>
    </suppress>
+   <suppress>
+      <!-- it only affects the log4j SmtpAppender users. As Log4J 1.2 is EOL now, we can't fix this unless we
+           upgrade to log4j 2. See ZOOKEEPER-3817 -->
+      <cve>CVE-2020-9488</cve>
+   </suppress>
 </suppressions>
 </suppressions>
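
Review bot: The new `<suppress>` entry carries only `<cve>CVE-2020-9488</cve>` and no matcher that ties it to the log4j 1.2 artifact, so it silences this CVE for every dependency in the scan, and will keep doing so after the upgrade to log4j 2 that the comment mentions. Consider scoping it with a `<packageUrl regex="true">` (or `<gav>`) element that matches only the log4j 1.2 jar, and adding an `until` date on `<suppress>` so the entry gets revisited. The justification would also be easier to audit in a `<notes>` element than in an XML comment, and it should say whether any log4j configuration shipped with ZooKeeper enables SmtpAppender, since "only affects the log4j SmtpAppender users" is the whole basis for the suppression.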