11<?xml version =" 1.0" encoding =" UTF-8" ?>
2- <suppressions xmlns =" https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd" >
3- <suppress >
4- <notes ><![CDATA[
5- Testing false positives by suppressing a CVE
6- ]]> </notes >
7- <filePath regex =" true" >.*\bsample-project-0\.0\.1\.jar/META-INF/maven/commons-fileupload/commons-fileupload/pom\.xml</filePath >
8- <cve >CVE-2023-24998</cve >
9- <cve >CVE-2016-3092</cve >
10- <cve >CVE-2016-1000031</cve >
11- <cve >CVE-2014-0050</cve >
12- <cve >CVE-2013-2186</cve >
13- </suppress >
14-
15- <suppress >
16- <notes ><![CDATA[
17- Testing false positives by suppressing a CVE
18- ]]> </notes >
19- <filePath regex =" true" >.*\bsample-project-0\.0\.1\.jar/META-INF/maven/commons-io/commons-io/pom\.xml</filePath >
20- <cve >CVE-2021-29425</cve >
21- </suppress >
22-
23- <suppress >
24- <notes ><![CDATA[
25- Testing false positives by suppressing a CVE
26- ]]> </notes >
27- <filePath regex =" true" >.*\bsample-project-0\.0\.1\.jar/META-INF/maven/org\.apache\.struts\.xwork/xwork-core/pom\.xml</filePath >
28- <cve >CVE-2013-1966</cve >
29- <cve >CVE-2016-4461</cve >
30- <cve >CVE-2013-1965</cve >
31- <cve >CVE-2016-2162</cve >
32- <cve >CVE-2013-2115</cve >
33- <cve >CVE-2014-0112</cve >
34- <cve >CVE-2019-0233</cve >
35- <cve >CVE-2017-9787</cve >
36- </suppress >
37-
38- <suppress >
39- <notes ><![CDATA[
40- Testing false positives by suppressing a CVE
41- ]]> </notes >
42- <filePath regex =" true" >.*\bsample-project-0\.0\.1\.jar/META-INF/maven/ognl/ognl/pom\.xml</filePath >
43- <cve >CVE-2016-3093</cve >
44- </suppress >
2+ <!--
3+ ~ Copyright 2024 REGnosys
4+ ~
5+ ~ Licensed under the Apache License, Version 2.0 (the "License");
6+ ~ you may not use this file except in compliance with the License.
7+ ~ You may obtain a copy of the License at
8+ ~
9+ ~ http://www.apache.org/licenses/LICENSE-2.0
10+ ~
11+ ~ Unless required by applicable law or agreed to in writing, software
12+ ~ distributed under the License is distributed on an "AS IS" BASIS,
13+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+ ~ See the License for the specific language governing permissions and
15+ ~ limitations under the License.
16+ -->
4517
46- <suppress >
47- <notes ><![CDATA[
48- Testing false positives by suppressing a CVE
49- ]]> </notes >
50- <filePath regex =" true" >.*\bsample-project-0.0.1.jar/META-INF/maven/org.apache.struts/struts2-core/pom.xml</filePath >
51- <cve >CVE-2016-4461</cve >
52- <cve >CVE-2015-5209</cve >
53- <cve >CVE-2016-2162</cve >
54- <cve >CVE-2018-1327</cve >
55- <cve >CVE-2012-0394</cve >
56- <cve >CVE-2015-2992</cve >
57- <cve >CVE-2016-3093</cve >
58- <cve >CVE-2023-34396</cve >
59- <cve >CVE-2016-0785</cve >
60- <cve >CVE-2016-4003</cve >
61- <cve >CVE-2013-2248</cve >
62- <cve >CVE-2017-5638</cve >
63- <cve >CVE-2015-5169</cve >
64- <cve >CVE-2017-9793</cve >
65- <cve >CVE-2016-4430</cve >
66- <cve >CVE-2017-9791</cve >
67- <cve >CVE-2016-3081</cve >
68- <cve >CVE-2016-3082</cve >
69- <cve >CVE-2023-34149</cve >
70- <cve >CVE-2019-0230</cve >
71- <cve >CVE-2013-2134</cve >
72- <cve >CVE-2016-4436</cve >
73- <cve >CVE-2019-0233</cve >
74- <cve >CVE-2021-31805</cve >
75- <cve >CVE-2014-7809</cve >
76- <cve >CVE-2013-2135</cve >
77- <cve >CVE-2014-0116</cve >
78- <cve >CVE-2013-2251</cve >
79- <cve >CVE-2013-4310</cve >
80- <cve >CVE-2013-1966</cve >
81- <cve >CVE-2017-9804</cve >
82- <cve >CVE-2013-1965</cve >
83- <cve >CVE-2017-9805</cve >
84- <cve >CVE-2017-12611</cve >
85- <cve >CVE-2013-2115</cve >
86- <cve >CVE-2014-0113</cve >
87- <cve >CVE-2013-4316</cve >
88- <cve >CVE-2014-0112</cve >
89- <cve >CVE-2018-11776</cve >
90- <cve >CVE-2016-3090</cve >
91- <cve >CVE-2017-9787</cve >
92- <cve >CVE-2014-0094</cve >
93- <cve >CVE-2020-17530</cve >
94- </suppress >
95-
96- <suppress >
97- <notes ><![CDATA[
98- file name: sample-project-0.0.1.jar (shaded: commons-fileupload:commons-fileupload:1.2.2)
99- ]]> </notes >
100- <packageUrl regex =" true" >^pkg:maven/commons\-fileupload/commons\-fileupload@.*$</packageUrl >
101- <cve >CVE-2013-0248</cve >
102- </suppress >
103-
104- <suppress >
105- <notes ><![CDATA[
106- file name: sample-project-0.0.1.jar (shaded: org.apache.struts:struts2-core:2.3.8)
107- ]]> </notes >
108- <packageUrl regex =" true" >^pkg:maven/org\.apache\.struts/struts2\-core@.*$</packageUrl >
109- <cve >CVE-2023-50164</cve >
110- <cve >CVE-2023-41835</cve >
111- </suppress >
18+ <suppressions xmlns =" https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd" >
19+ <suppress >
20+ <notes ><![CDATA[
21+ This CVE only affects projects fetching p2 repo's over HTTP, but we use HTTPS.
22+ ]]> </notes >
23+ <cve >CVE-2021-41033</cve >
24+ </suppress >
25+ <suppress >
26+ <notes ><![CDATA[
27+ We are using Reload4j, which is a secure drop-in replacement for log4j.
28+ ]]> </notes >
29+ <cve >CVE-2020-9493</cve >
30+ </suppress >
31+ <suppress >
32+ <notes ><![CDATA[
33+ We are using Reload4j, which is a secure drop-in replacement for log4j.
34+ ]]> </notes >
35+ <cve >CVE-2022-23307</cve >
36+ </suppress >
37+ <suppress >
38+ <notes ><![CDATA[
39+ This CVE is not about org.junit.platform.commons. It seems the check is
40+ too loose.
41+ ]]> </notes >
42+ <cve >CVE-2020-27225</cve >
43+ </suppress >
44+ <suppress >
45+ <notes ><![CDATA[
46+ This CVE only affects projects using Xtext prior to 2.18.0.
47+ ]]> </notes >
48+ <cve >CVE-2019-10249</cve >
49+ </suppress >
50+ <suppress >
51+ <notes ><![CDATA[
52+ Calling the method `com.google.common.io.Files.createTempDir` is a vulnerability,
53+ but we do not call it.
54+ ]]> </notes >
55+ <cve >CVE-2020-8908</cve >
56+ </suppress >
57+ <suppress >
58+ <notes ><![CDATA[
59+ We are not creating SVG's with Batik of Apache XML Graphics.
60+ ]]> </notes >
61+ <cve >CVE-2022-41704</cve >
62+ </suppress >
63+ <suppress >
64+ <notes ><![CDATA[
65+ We are not creating SVG's with Batik of Apache XML Graphics.
66+ ]]> </notes >
67+ <cve >CVE-2022-42890</cve >
68+ </suppress >
69+ <suppress >
70+ <notes ><![CDATA[
71+ This CVE is not about org.eclipse.e4.emf.xpath. It seems the check is
72+ too loose.
73+ ]]> </notes >
74+ <cve >CVE-2022-41852</cve >
75+ </suppress >
76+ <suppress >
77+ <notes ><![CDATA[
78+ This only affects milestone and RC versions, but we use a stable release.
79+ ]]> </notes >
80+ <cve >CVE-2020-15824</cve >
81+ </suppress >
11282</suppressions >
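Review bot: Every new `<suppress>` entry (new lines 19–81) matches on `<cve>` alone, so each CVE is silenced for every dependency in the scan, not just for the artifact its note is about. For the two Reload4j entries this means a genuine log4j 1.x jar pulled in transitively would also go unreported for CVE-2020-9493 and CVE-2022-23307. The Guava, Xtext and Batik entries carry the same risk if the usage or version assumption in their note stops holding. I would scope each entry to the component it was triaged against, e.g. `<packageUrl regex="true">^pkg:maven/ch\.qos\.reload4j/reload4j@.*$</packageUrl>` for the Reload4j ones (coordinates to be confirmed against the scan report), and add an expiry such as `<suppress until="YYYY-MM-DDZ">` to the usage-based ones so they get re-reviewed. Each note should also name the flagged artifact and version, as the removed entries did with their `file name:` lines, so a later reader can check the triage.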