Update Snyk ignore file to ignore jackson-databind 2.14.0 is out

Resolves #14831
Bruno Oliveira da Silva 2022-10-10 18:32:35 -03:00
parent b67ce73227
commit 9c007e3779

13
.github/snyk/.snyk vendored

@ -58,7 +58,18 @@ ignore:
Keycloak is no longer vulnerable. The issue was fixed on Keycloak 19.0.2 Keycloak is no longer vulnerable. The issue was fixed on Keycloak 19.0.2
More details: More details:
- https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v - https://github.com/keycloak/keycloak/security/advisories/GHSA-wf7g-7h6h-678v
- https://access.redhat.com/security/cve/CVE-2022-2668 - https://access.redhat.com/security/cve/CVE-2022-2668
SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426:
- "*":
reason: >
On latest releases of jackson-databind (2.14.0-rc1 or higher) CVE-2022-42003
is already fixed. Keycloak is not vulnerable to the CVE mentioned. Until 2.14.0
release is out, we should be able to temporarily ignore those alerts from dependency
scanners.
More details:
- https://github.com/keycloak/keycloak/issues/14785
expires: 2022-11-31T00:00:00.000Z
# License warnings # License warnings
snyk:lic:maven:org.eclipse.sisu:org.eclipse.sisu.plexus:EPL-1.0: snyk:lic:maven:org.eclipse.sisu:org.eclipse.sisu.plexus:EPL-1.0:
- "*": - "*":
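Review bot: the expires value on the new SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426 entry, 2022-11-31T00:00:00.000Z, is not a valid calendar date, because November has 30 days. Depending on how the policy file is parsed, the entry could be rejected or could expire on a different day than intended, so use 2022-11-30T00:00:00.000Z or 2022-12-01T00:00:00.000Z instead. Separately, the entry is keyed on "*", which suppresses the finding on every dependency path, and the reason asserts that Keycloak is not vulnerable without saying why. A one-line justification in the reason text, beyond the link to issue 14785, would make the ignore easier to audit when it comes up for renewal.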