--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-che...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
<?xml version="1.0" encoding="UTF-8"?>
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.1.xsd">
<hint>
<given>
<fileName contains="mysql-connector"/>
</given>
<add>
<evidence type="product" source="hint" name="product" value="mysql_connectors" confidence="HIGHEST"/>
<evidence type="vendor" source="hint" name="vendor" value="oracle" confidence="HIGHEST"/>
</add>
</hint>
</hints>
mysql-connector-java-5.1.39.jar | cpe:/a:mysql:mysql:5.1.39 | mysql:mysql-connector-java:5.1.39 ✓ | High | 95 | HIGHEST | 27 |
<?xml version="1.0" encoding="UTF-8"?>
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.2.xsd">
<hint>
<given>
<fileName contains="mysql-connector.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connectors" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/>
</add>
</hint>
</hints>
<suppress>
<notes>We're not interested in vulnerabilities in MySQL server, only the Connector</notes>
<gav regex="true">^mysql:mysql-connector-java:.*$</gav>
<cpe>cpe:/a:mysql:mysql</cpe>
</suppress>
<suppress>
<notes>We're not interested in vulnerabilities in MySQL server, only the Connector.
Note we must specify the version number in the CPE tag otherwise the connector vulnerabilities also get excluded</notes>
<gav regex="true">^mysql:mysql-connector-java:.*$</gav>
<cpe>cpe:/a:oracle:mysql:5.1.39</cpe>
</suppress>
--
You received this message because you are subscribed to the Google Groups "Dependency Check" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dependency-check+unsubscribe@googlegroups.com.
<hint>
<given>
<fileName contains="mysql-connector-java.*" regex="true"/>
</given>
<add>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connector_j" confidence="HIGHEST"/>
<evidence type="product" source="hint analyzer" name="product" value="mysql_connector/j" confidence="HIGHEST"/>
<evidence type="vendor" source="hint analyzer" name="vendor" value="oracle" confidence="HIGHEST"/>
</add>
</hint>
I'm not sure whether that's the correct approach, but I get at least on CVE instead of zero.
HTH,
Michael