Suppress kotlin vulnerability CVE-2020-15824 as kotlin is not used in…

… our actually applications at all. Also bump gradle up while we're at it.
cedardevs · Aug 17, 2020 · 1415373 · 1415373
1 parent 8037922
commit 1415373
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 1 deletion.
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.6-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
@@ -262,4 +262,12 @@
     <vulnerabilityName>CVE-2020-7663</vulnerabilityName>
   </suppress>
 
+  <suppress>
+    <notes><![CDATA[
+   file name: kotlin-*-1.3.72.jar
+   ]]></notes>
+    <filePath regex="true">.*\bkotlin-.*-1\.3\.72\.jar</filePath>
+    <cve>CVE-2020-15824</cve>
+  </suppress>
+
 </suppressions>