improve-message

Signed-off-by: Ryan Northey <[email protected]>
envoyproxy · Oct 26, 2021 · 2d8238f · 2d8238f
1 parent 489cdba
commit 2d8238f
Showing 1 changed file with 9 additions and 8 deletions.
diff --git a/tools/dependency/cve_scan.py b/tools/dependency/cve_scan.py
@@ -75,20 +75,21 @@
     'CVE-2021-22931',
     'CVE-2021-22939',
     'CVE-2021-22940',
-    # This cve only affects versions of kafka < 2.8.1, but scanner
-    # does not support version matching atm.
-    # Tracking issue to fix versioning:
-    #  https://github.com/envoyproxy/envoy/issues/18354
+    #
+    # Currently, cvescan does not respect/understand versions (see #18354).
+    #
+    # The following CVEs target versions that are not currently used in the Envoy repo.
+    #
+    # libcurl
+    "CVE-2021-22945",
+    #
+    # kafka
     'CVE-2021-38153',
-    # Excluded by version
     #
     # wasmtime
     "CVE-2021-39216",
     "CVE-2021-39218",
     "CVE-2021-39219",
-    #
-    # libcurl
-    "CVE-2021-22945",
 ])
 
 # Subset of CVE fields that are useful below.