This is an automated email from the ASF dual-hosted git repository. yqm pushed a commit to branch 37.0.0 in repository https://gitbox.apache.org/repos/asf/druid.git
commit 27556bab76080004e519d468659d975cb591e80c Author: cecemei <[email protected]> AuthorDate: Tue Apr 14 14:48:07 2026 -0700 suppress-CVE-2026-33186 --- owasp-dependency-check-suppressions.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml index c1e7448ecd0..ac4599355fd 100644 --- a/owasp-dependency-check-suppressions.xml +++ b/owasp-dependency-check-suppressions.xml @@ -752,4 +752,12 @@ ]]></notes> <vulnerabilityName>CVE-2024-11407</vulnerabilityName> <!-- This CVE is a false positive for java. The CVE is related to their cpp library, not java --> </suppress> + + <suppress> + <notes><![CDATA[ + file name: grpc-*.jar (all grpc-java artifacts, any version) + ]]></notes> + <packageUrl regex="true">^pkg:maven/io\.grpc/grpc-.*@.*$</packageUrl> + <cve>CVE-2026-33186</cve> <!-- Only applicable to gRPC Go (google.golang.org/grpc < 1.79.3), not gRPC Java - https://nvd.nist.gov/vuln/detail/CVE-2026-33186 --> + </suppress> </suppressions> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
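Review bot: The rationale for the new grpc suppression sits only in the trailing XML comment on the cve line, while the notes element carries just the file-name pattern. Move the "Only applicable to gRPC Go (google.golang.org/grpc < 1.79.3), not gRPC Java" text and the NVD link into the notes CDATA so the reason stays with the entry itself, not in a comment that an XML rewrite can drop. The packageUrl regex ^pkg:maven/io\.grpc/grpc-.*@.*$ matches every io.grpc artifact whose name starts with grpc- at any version, which is consistent with a Go-only CVE, but please say in the notes that the breadth is intentional. Also, the neighbouring entry in the context lines uses vulnerabilityName where this one uses cve; picking one form for CVE identifiers would keep the file easier to grep.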
