cecemei commented on code in PR #19384:
URL: https://github.com/apache/druid/pull/19384#discussion_r3156066036
##########
owasp-dependency-check-suppressions.xml:
##########
@@ -594,6 +595,16 @@
<cve>CVE-2023-26464</cve>
</suppress>
+ <suppress>
+ <notes><![CDATA[
+ file name: log4j-*-2.25.3.jar (all log4j artifacts)
Review Comment:
flexible either way, but i'm just thinking that since we've decided we're
not affected then we should not need to change the version or roll out security
patch for released versions
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
