Ignore yet an other jackson vulnerability

5 years ago · c0fa01206a
parent e085d77635
commit c0fa01206a
1 changed files with 5 additions and 0 deletions
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@ -213,4 +213,9 @@
        <gav regex="true">.*jackson-databind.*</gav>
        <cve>CVE-2019-14439</cve>
    </suppress>
+    <suppress>
+        <notes>We do not enable default typing for jackson</notes>
+        <gav regex="true">.*jackson-databind.*</gav>
+        <cve>CVE-2019-12384</cve>
+    </suppress>
 </suppressions>