Update Snyk ignore file to ignore jackson-databind 2.14.0 is out
Resolves #14831
This commit is contained in:
parent
b67ce73227
commit
9c007e3779
1 changed files with 12 additions and 1 deletions
13
.github/snyk/.snyk
vendored
13
.github/snyk/.snyk
vendored
|
@ -58,7 +58,18 @@ ignore:
|
|||
Keycloak is no longer vulnerable. The issue was fixed on Keycloak 19.0.2
|
||||
More details:
|
||||
- https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
|
||||
- https://access.redhat.com/security/cve/CVE-2022-2668
|
||||
- https://access.redhat.com/security/cve/CVE-2022-2668
|
||||
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
|
||||
- "*":
|
||||
reason: >
|
||||
On latest releases of jackson-databind (2.14.0-rc1 or higher) CVE-2022-42003
|
||||
is already fixed. Keycloak is not vulnerable to the CVE mentioned. Until 2.14.0
|
||||
release is out, we should be able to temporarily ignore those alerts from dependency
|
||||
scanners.
|
||||
More details:
|
||||
- https://github.com/keycloak/keycloak/issues/14785
|
||||
expires: 2022-11-31T00:00:00.000Z
|
||||
|
||||
# License warnings
|
||||
snyk:lic:maven:org.eclipse.sisu:org.eclipse.sisu.plexus:EPL-1.0:
|
||||
- "*":
|
||||
|
|
Loading…
Reference in a new issue