Started working on CVS mitigations
robmoffat committed Jan 8, 2025
1 parent d768659 commit eb47df4
Showing 2 changed files with 96 additions and 2 deletions.
96 changes: 95 additions & 1 deletion .github/workflows/allow-list.xml
Expand Up @@ -57,23 +57,117 @@
These are added in the conversion from spring2 to spring3.
</notes>
<cve>CVE-2023-36052</cve>
</suppress>

<suppress>
<notes>
An issue was discovered in Bouncy Castle Java Cryptography APIs
before 1.78. An Ed25519 verification code infinite loop can occur via
a crafted signature and public key.

We don't use that.
</notes>
<cve>CVE-2024-30172</cve>
</suppress>
<suppress>
<notes>
</notes>

<cve>CVE-2024-30171</cve>
</suppress>


<suppress>
<notes>
</notes>
<cve>CVE-2024-29857</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2024-34447</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2024-35255</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2023-1370</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2023-52428</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2010-0538</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2021-3869</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2022-0198</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2017-10355</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2020-10146</cve>
<cve>CVE-2024-38820</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2024-38820</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2024-38809</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2024-38816</cve>
</suppress>

<suppress>
<notes>
</notes>
<cve>CVE-2023-7272</cve>
</suppress>
<suppress>
<notes>
</notes>
<cve>CVE-2024-45772</cve>
</suppress>
<suppress>
<notes>
</notes>
<cve>CVE-2024-7254</cve>
</suppress>
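
Review bot: Every `<suppress>` added after the CVE-2024-30172 entry has an empty `<notes>` element, so from CVE-2024-30171 down to CVE-2024-7254 there is no recorded reason why the finding is safe to ignore. Please add a short justification to each entry, as was done with "We don't use that." for CVE-2024-30172 (that one would also be easier to audit if it named what is not used), or leave the finding unsuppressed until it has been triaged. CVE-2024-38820 is also suppressed twice, once in the block that carries CVE-2020-10146 and again in its own block directly after it; one of the two can be dropped. Each entry matches on `<cve>` alone, so nothing in the file ties a suppression to the artifact that was assessed; if the suppression format in use allows narrowing an entry to a specific package, scope them that way.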

2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -66,7 +66,7 @@
<okio-jvm.version>3.4.0</okio-jvm.version>
<guava.version>32.1.0-jre</guava.version>
<jsoup.version>1.17.2</jsoup.version>
<graalvm.version>23.0.3</graalvm.version>
<graalvm.version>24.1.1</graalvm.version>
<symphony-bdk.version>3.0.0</symphony-bdk.version>
<!--<mimepull.version>1.9.15</mimepull.version>-->
<!--<thymeleaf.version>2.7.0</thymeleaf.version>-->
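
Review bot: The `graalvm.version` change from 23.0.3 to 24.1.1 is a major-version jump in a commit whose other file only adds suppressions, and nothing visible here says which finding the upgrade is meant to resolve. Name the CVE(s) it addresses in the commit message, and check that none of the entries newly added to allow-list.xml suppresses a finding this upgrade already fixes, so the allow-list does not keep hiding it if the version is later rolled back.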