Skip to content

Commit 4e48737

Browse files
committed
Suppress build failure for CVE-2025-58782
FileVault is not affected as it doesn't use JNDI
1 parent c78cd6a commit 4e48737

1 file changed

Lines changed: 7 additions & 0 deletions

File tree

suppressions.xml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,4 +78,11 @@
7878
<packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
7979
<cve>CVE-2021-4277</cve>
8080
</suppress>
81+
<suppress>
82+
<notes><![CDATA[
83+
file name: jackrabbit-jcr-commons-2.20.17.jar with JNDI usage, not used in FileVault
84+
]]></notes>
85+
<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit-jcr-commons@.*$</packageUrl>
86+
<vulnerabilityName>CVE-2025-58782</vulnerabilityName>
87+
</suppress>
8188
</suppressions>

0 commit comments

Comments
 (0)