From 300c1f8ed1a827887476f46c262be0c0fa25e2ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=81ukasz=20Dziedziul?= <lukasz.dziedziul@hazelcast.com>
Date: Fri, 11 Aug 2023 15:06:18 +0200
Subject: [PATCH] Ignore CVE-2023-33265 in HZ 3 connector [5.0.z] (#625)

---
 .github/containerscan/.trivyignore | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/containerscan/.trivyignore b/.github/containerscan/.trivyignore
index 85ff00cf..4d7587fd 100644
--- a/.github/containerscan/.trivyignore
+++ b/.github/containerscan/.trivyignore
@@ -1,10 +1,13 @@
 # Add ignored CVEs in new lines below
 
-#See https://github.com/hazelcast/hazelcast/issues/20807 and https://issues.apache.org/jira/browse/HADOOP-18197
+# See https://github.com/hazelcast/hazelcast/issues/20807 and https://issues.apache.org/jira/browse/HADOOP-18197
 CVE-2022-3171
 
-#See https://github.com/hazelcast/hazelcast/issues/20807 and https://issues.apache.org/jira/browse/HADOOP-18197
+# See https://github.com/hazelcast/hazelcast/issues/20807 and https://issues.apache.org/jira/browse/HADOOP-18197
 CVE-2021-22570
 
-#See https://github.com/hazelcast/hazelcast/issues/24981
+# See https://github.com/hazelcast/hazelcast/issues/24981
 CVE-2023-2976
+
+# This issue is reported due to HZ 3 connector which was removed in 5.4.0-SNAPSHOT. This fix was applied only for 5.x+ HZ versions
+CVE-2023-33265