temporary suppression of CVE-2023-4586

Consensys · Oct 11, 2023 · f877936 · f877936
1 parent e88991f
commit f877936
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/gradle/owasp-suppression.xml b/gradle/owasp-suppression.xml
@@ -1,15 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <!-- See https://jeremylong.github.io/DependencyCheck/general/suppression.html for examples -->
-    <suppress until="2023-11-01">
+    <suppress until="2023-12-12">
         <notes><![CDATA[
         Temporary suppression, as it's arguably a false positive: https://github.com/netty/netty/issues/8537#issuecomment-1527896917
         The correct thing to do is ensure hostname verification is enabled: https://codetinkering.com/enable-hostname-verification-netty/
         This is indeed the case for Azure, which is the netty-handler: https://github.com/Azure/azure-sdk-for-java/issues/18286#issuecomment-947958978
         The other vulnerable lib is besu-metrics, which might want looking at, will see if this CVE gets flagged in besu first
         file name: netty-handler-4.1.97.Final.jar
         ]]></notes>
-        <packageUrl regex="true">^pkg:maven/io\.netty/netty\-handler@.*$</packageUrl>
+        <packageUrl regex="true">^pkg:maven/io\.netty/netty*@*.*$</packageUrl>
         <vulnerabilityName>CVE-2023-4586</vulnerabilityName>
      </suppress>
     <suppress>