Commit e2daa6b

Suppress Rhino complaint for now (#1233)
1 parent bb33116 commit e2daa6b

1 file changed: +12 -0 lines changed

dependencyCheckSuppression.xml

Lines changed: 12 additions & 0 deletions
@@ -248,4 +248,16 @@
248248
<packageUrl regex="true">^pkg:maven/com\.google\.code\.gson/gson@.*$</packageUrl>
249249
<vulnerabilityName>CVE-2025-53864</vulnerabilityName>
250250
</suppress>
251+
252+
<!--
253+
Rhino 1.7R3 is getting flagged with a potential DoS issue when toFixed() is called on very small floating point numbers.
254+
Upgrading to a fixed version is not trivial. See https://github.com/LabKey/internal-issues/issues/724 for details.
255+
-->
256+
<suppress>
257+
<notes><![CDATA[
258+
file name: rhino-1.7R3.jar
259+
]]></notes>
260+
<packageUrl regex="true">^pkg:maven/org\.mozilla/rhino@.*$</packageUrl>
261+
<vulnerabilityName>CVE-2025-66453</vulnerabilityName>
262+
</suppress>
251263
</suppressions>
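Review bot: The new Rhino entry suppresses CVE-2025-66453 for every version, because its packageUrl regex ends in `rhino@.*$`, while the comment and the notes refer only to rhino-1.7R3.jar. If the dependency is later changed to a different Rhino version, the finding stays hidden without anyone re-evaluating it. Consider pinning the pattern to the version that was actually reviewed, for example `^pkg:maven/org\.mozilla/rhino@1\.7R3$`. Since the commit message says "for now", an `until` date on the `<suppress>` element would also make the suppression expire and bring the finding back for review instead of leaving it in place indefinitely. The comment links the tracking issue but does not say why the DoS condition is acceptable in the meantime (for example, whether untrusted input can reach toFixed()); a sentence on that in the notes would help the next person auditing this file.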
