Author: jleroux
Date: Fri Apr 15 17:56:06 2016
New Revision: 1739340
URL:
http://svn.apache.org/viewvc?rev=1739340&view=revLog:
No functional changes, updates suppress.xml, I will ask why we have to put all those suppressions about Tomcat 8.0.33 which is the last available version!
Modified:
ofbiz/trunk/tools/security/dependency-check/suppress.xml
Modified: ofbiz/trunk/tools/security/dependency-check/suppress.xml
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/tools/security/dependency-check/suppress.xml?rev=1739340&r1=1739339&r2=1739340&view=diff==============================================================================
--- ofbiz/trunk/tools/security/dependency-check/suppress.xml (original)
+++ ofbiz/trunk/tools/security/dependency-check/suppress.xml Fri Apr 15 17:56:06 2016
@@ -27,7 +27,7 @@
<cpe>cpe:/a:apache:tomcat:3.0</cpe>
</suppress>
- <!-- About Tomcat 8.0.33 vulnerabilities (start with jsp-api-2.3.jar): I put not suppress (there are - too much - tons of them) because none concern OFBIZ .
+ <!-- About Tomcat 8.0.33 vulnerabilities (start with jsp-api-2.3.jar): I will ask why we have to put all those suppressions :/
Note that CVE-2013-2185 is disputed by the Tomcat team, see OFBIZ-6752 for details -->
<suppress>
Locked
