[MGNLEE-642] Remove suppressed vulnerability from dependency-check-report
Created: 03/Jun/21 | Updated: 14/Jun/21 | Resolved: 14/Jun/21
| Status: | Closed |
| Project: | Magnolia DX Core |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.2.10 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Federico Grilli | Assignee: | Mikaël Geljić |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Template: |
| Acceptance criteria: | Empty |
| Task DoD: |
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
| Date of First Response: |
| Description |
We should be suppressing the vulnerabilities reported that we know we are not affected by, e.g. at https://nexus.magnolia-cms.com/content/sites/magnolia.enterprise.sites/magnolia-dx-core/6.2.9/dependency-check-report.html
| Comments |
| Comment by Mikaël Geljić [ 11/Jun/21 ] |
First off: link in description points to the report for the dx-core parent POM. Not representative of our distributed webapps/bundles.
Admittedly confusing, that said:
| Comment by Mikaël Geljić [ 11/Jun/21 ] |
Good news, managed to pull project suppressions to whole dx-core reactor:
=> Overall, covering all modules seems very reasonable. Keeping pipeline unchanged in this ticket, should file follow-ups to address vulnerabilities above before broadening execution.