[fix][build] Resolve OWASP Dependency Check false positives (#19120)

(cherry picked from commit f912fb3)
apache · Jan 2, 2023 · 4ac2419 · 4ac2419
1 parent 99e11f8
commit 4ac2419
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
@@ -27,6 +27,12 @@
     </notes>
     <cpe>cpe:/a:apache:http_server</cpe>
   </suppress>
+  <suppress>
+    <notes>
+      apache:apache_http_server is not used.
+    </notes>
+    <cpe>cpe:/a:apache:apache_http_server</cpe>
+  </suppress>
   <suppress>
     <notes>pulsar-zookeeper-utils gets mixed with zookeeper.</notes>
     <gav regex="true">org\.apache\.pulsar:.*</gav>
@@ -59,4 +65,9 @@
     <packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
     <cpe>cpe:/a:netty:netty</cpe>
   </suppress>
+
+  <suppress>
+    <notes>commons-net is not used at all and therefore commons-net vulnerability CVE-2021-37533 is a false positive.</notes>
+    <cve>CVE-2021-37533</cve>
+  </suppress>
 </suppressions>