cve-suppressions.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
  OWASP Dependency-Check suppression rules (suppression schema 1.3).
  Each <suppress> element hides the listed CVE findings from the scan report.
  A rule with no selector (packageUrl, gav, filePath, sha1) is not limited to one
  artifact: it applies to every dependency that the scan matches to that CVE.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!--
  Rule 1 has no selector, so the six CVEs below are suppressed for all scanned
  dependencies, not only for the artifact each rationale refers to.
  NOTE(review): consider one rule per CVE, scoped with <packageUrl> to the affected
  artifact, and an `until` date on the temporary ones so they expire and get re-evaluated.
-->
<suppress>
<!-- NOTE(review): no rationale is recorded for CVE-2021-37533; add the affected dependency and the reason. -->
<cve>CVE-2021-37533</cve>
<!-- Temporary: suppressed until the migration to Spring Framework 6. -->
<cve>CVE-2016-1000027</cve>
<!-- False positive. NOTE(review): name the dependency it was matched against and why the CVE does not apply. -->
<cve>CVE-2020-5408</cve>
<!-- The okhttp2 module uses the latest version of okhttp. The vulnerability is in OkHostnameVerifier.java, which is not used in this library. -->
<cve>CVE-2021-0341</cve>
<!-- Temporary: ktor requires a major upgrade; suppressed until then. -->
<cve>CVE-2021-4277</cve>
<!--
  So far jackson-core and json-path have no bugfix releases for this CVE.
  NOTE(review): this unscoped entry also hides CVE-2022-45688 for org.json/json, so the
  exclusion in the second rule below has no effect while this entry remains. Confirm which
  of the two is intended and drop the other.
-->
<cve>CVE-2022-45688</cve>
</suppress>
<!--
  Rule 2: the packageUrl regex uses a negative lookahead, so it matches every package URL
  that does NOT start with pkg:maven/org.json/json@. The effect is that CVE-2022-45688 is
  suppressed everywhere except org.json/json, where it would stay reportable. The <notes>
  text reads the other way round ("suppress ... only to"); it presumably means "limit the
  finding to org.json/json". TODO confirm.
-->
<suppress>
<notes><![CDATA[
suppress CVE-2022-45688 only to pkg:maven/org.json/json
]]></notes>
<packageUrl regex="true">^(?!pkg:maven/org\.json/json@).+$</packageUrl>
<!-- Temporary: suppressed until https://github.com/jeremylong/DependencyCheck/issues/5502 has been resolved. -->
<cve>CVE-2022-45688</cve>
</suppress>
</suppressions>