Ignore CVE-2019-14379

5 years ago · 8260fed1b3
parent b650ac70d6
commit 8260fed1b3
1 changed files with 5 additions and 0 deletions
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@ -203,4 +203,9 @@
        <gav regex="true">^javax\.servlet:jstl:.*$</gav>
        <cve>CVE-2015-0254</cve>
    </suppress>
+    <suppress>
+        <notes>We do not enable default typing for jackson</notes>
+        <gav regex="true">.*jackson-databind.*</gav>
+        <cve>CVE-2019-14379</cve>
+    </suppress>
 </suppressions>