apache · smiklosovic · Feb 6, 2026 · smiklosovic · Feb 6, 2026
diff --git a/.build/owasp/dependency-check-suppressions.xml b/.build/owasp/dependency-check-suppressions.xml
@@ -43,26 +43,9 @@
         <cve>CVE-2025-58057</cve>
     </suppress>
 
-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 -->
-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-20412 -->
+    <!-- https://issues.apache.org/jira/browse/CASSANDRA-21159 -->
     <suppress>
-        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
-        <cve>CVE-2023-6378</cve>
-        <cve>CVE-2023-6481</cve>
-        <cve>CVE-2024-12798</cve>
-        <cve>CVE-2024-12801</cve>
-    </suppress>
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
-        <cve>CVE-2023-6378</cve>
-        <cve>CVE-2023-6481</cve>
-        <cve>CVE-2024-12798</cve>
-        <cve>CVE-2024-12801</cve>
-    </suppress>
-
-    <!-- https://issues.apache.org/jira/browse/CASSANDRA-20024 -->
-    <suppress>
-        <packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene\-.*@9.7.0$</packageUrl>
-        <cve>CVE-2024-45772</cve>
+        <packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>
+        <cve>CVE-2025-67735</cve>
     </suppress>
 </suppressions>
diff --git a/.snyk b/.snyk
@@ -4,18 +4,8 @@ version: v1.25.0
 ignore:
   CVE-2023-44487:
     - reason: https://issues.apache.org/jira/browse/CASSANDRA-18943 -- ^pkg:maven/io\.netty/netty\-.*@.*$
-  CVE-2023-6378:
-    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
-  CVE-2023-6481:
-    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
-  CVE-2024-12798:
-    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
-  CVE-2024-12801:
-    - reason: Suppressed due to internal review, see project's .build/dependency-check-suppressions.xml
   CVE-2024-29025:
     - reason: https://issues.apache.org/jira/browse/CASSANDRA-20924 -- ^pkg:maven/io\.netty/netty\-.*@.*$
-  CVE-2024-45772:
-    - reason: https://issues.apache.org/jira/browse/CASSANDRA-20024 -- ^pkg:maven/org\.apache\.lucene/lucene\-.*@9.7.0$
   CVE-2024-47535:
     - reason: https://issues.apache.org/jira/browse/CASSANDRA-20924 -- ^pkg:maven/io\.netty/netty\-.*@.*$
   CVE-2025-24970:
@@ -28,3 +18,5 @@ ignore:
     - reason: https://issues.apache.org/jira/browse/CASSANDRA-20924 -- ^pkg:maven/io\.netty/netty\-.*@.*$
   CVE-2025-58057:
     - reason: https://issues.apache.org/jira/browse/CASSANDRA-20924 -- ^pkg:maven/io\.netty/netty\-.*@.*$
+  CVE-2025-67735:
+    - reason: https://issues.apache.org/jira/browse/CASSANDRA-21159 -- ^pkg:maven/io\.netty/netty\-.*@.*$