diff --git a/.github/workflows/ci-owasp-dependency-check.yaml b/.github/workflows/ci-owasp-dependency-check.yaml
index 0ee1275bdfefc..c63bdb29e0328 100644
--- a/.github/workflows/ci-owasp-dependency-check.yaml
+++ b/.github/workflows/ci-owasp-dependency-check.yaml
@@ -40,15 +40,12 @@ jobs:
matrix:
include:
- branch: master
+ - branch: branch-3.2
- branch: branch-3.1
- branch: branch-3.0
- branch: branch-2.11
- branch: branch-2.10
jdk: 11
- - branch: branch-2.9
- jdk: 11
- - branch: branch-2.8
- jdk: 11
steps:
- name: checkout
@@ -84,6 +81,9 @@ jobs:
- name: run OWASP Dependency Check for distribution/server (-DfailBuildOnAnyVulnerability=true)
run: mvn -B -ntp -Pmain,skip-all,skipDocker,owasp-dependency-check initialize verify -pl distribution/server -DfailBuildOnAnyVulnerability=true
+ - name: run OWASP Dependency Check for distribution/offloaders and distribution/io
+ run: mvn -B -ntp -Pmain,skip-all,skipDocker,owasp-dependency-check initialize verify -pl distribution/offloaders,distribution/io
+
- name: Upload OWASP Dependency Check reports
uses: actions/upload-artifact@v3
if: always()
diff --git a/pom.xml b/pom.xml
index eccc8365eb011..f7b1267f9acea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -295,7 +295,7 @@ flexible messaging model and an intuitive client API.
0.1.4
1.3
0.4
- 8.2.1
+ 9.0.7
0.9.44
1.6.1
6.4.0
diff --git a/src/owasp-dependency-check-false-positives.xml b/src/owasp-dependency-check-false-positives.xml
index 345be8f4d2c06..5abcae4efd532 100644
--- a/src/owasp-dependency-check-false-positives.xml
+++ b/src/owasp-dependency-check-false-positives.xml
@@ -201,4 +201,12 @@
flat_project is not used at all.
cpe:/a:flat_project:flat
+
+
+
+ ^pkg:maven/org\.eclipse\.jetty/jetty\-servlets@.*$
+ CVE-2023-36479
+
\ No newline at end of file