Jetty is only used by developers, and never in production

So we're free to completely ignore CVE against it.
5 years ago · 58daacd9ab
parent 2c3ba680d8
commit 58daacd9ab
1 changed files with 3 additions and 3 deletions
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@ -49,9 +49,9 @@

    <!-- Jetty is currently only used for developer experimentation -->
    <suppress>
-        <notes><![CDATA[file name: jetty-schemas-3.1.jar]]></notes>
-        <gav regex="true">^org\.eclipse\.jetty\.toolchain:jetty-schemas:.*$</gav>
-        <cve>CVE-2017-9735</cve>
+        <notes>Jetty is currently only used for developer experimentations</notes>
+        <gav regex="true">^org\.eclipse\.jetty:.*$</gav>
+        <cpe>cpe:/a:org.eclipse.jetty:</cpe>
    </suppress>

    <!-- No git functionality is used from the following dependencies -->