Skip to content

Commit f564922

Browse files
authored
Suppress EL false positive (helidon-io#3334)
1 parent ace7ac5 commit f564922

1 file changed

Lines changed: 10 additions & 0 deletions

File tree

etc/dependency-check-suppression.xml

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -133,4 +133,14 @@
133133
<cve>CVE-2021-21409</cve>
134134
</suppress>
135135

136+
<!-- This CVE was fixed in the EL implementations com.sun.el:el-ri:3.0.4 and org.glassfish:jakarta.el:3.0.4
137+
which we have upgraded to. But the scan triggers a false positive on the API: jakarta.el:jakarta.el-api:3.0.3 -->
138+
<suppress>
139+
<notes><![CDATA[
140+
file name: jakarta.el-api-3.0.3.jar
141+
]]></notes>
142+
<packageUrl regex="true">^pkg:maven/jakarta\.el/jakarta\.el\-api@.*$</packageUrl>
143+
<cve>CVE-2021-28170</cve>
144+
</suppress>
145+
136146
</suppressions>

0 commit comments

Comments
 (0)