| <!-- |
| ~ Licensed to the Apache Software Foundation (ASF) under one |
| ~ or more contributor license agreements. See the NOTICE file |
| ~ distributed with this work for additional information |
| ~ regarding copyright ownership. The ASF licenses this file |
| ~ to you under the Apache License, Version 2.0 (the |
| ~ "License"); you may not use this file except in compliance |
| ~ with the License. You may obtain a copy of the License at |
| ~ |
| ~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~ |
| ~ Unless required by applicable law or agreed to in writing, software |
| ~ distributed under the License is distributed on an "AS IS" BASIS, |
| ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ~ See the License for the specific language governing permissions and |
| ~ limitations under the License. |
| --> |
| <!-- |
| copy suppressions / false positives here if there are any, how to do it is explained in |
| https://jeremylong.github.io/DependencyCheck/general/suppression.html |
| --> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| <suppress> |
| <!-- https://issues.apache.org/jira/browse/CASSANDRA-16150 --> |
| <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl> |
| <cve>CVE-2017-18640</cve> |
| </suppress> |
| |
| <!-- https://issues.apache.org/jira/browse/CASSANDRA-15417 --> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/io\.netty/netty\-all@.*$</packageUrl> |
| <cve>CVE-2019-16869</cve> |
| <cve>CVE-2019-20444</cve> |
| <cve>CVE-2019-20445</cve> |
| <cve>CVE-2020-7238</cve> |
| <cve>CVE-2021-21290</cve> |
| <cve>CVE-2021-21295</cve> |
| <cve>CVE-2021-21409</cve> |
| <cve>CVE-2021-37136</cve> |
| <cve>CVE-2021-37137</cve> |
| <cve>CVE-2021-43797</cve> |
| <cve>CVE-2022-24823</cve> |
| </suppress> |
| |
| <!-- https://issues.apache.org/jira/browse/CASSANDRA-14183 --> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl> |
| <cve>CVE-2017-5929</cve> |
| </suppress> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl> |
| <cve>CVE-2017-5929</cve> |
| </suppress> |
| |
| <!-- this was fixed in 3.0.22 --> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/com\.datastax\.cassandra/cassandra\-driver\-core@.*$</packageUrl> |
| <cve>CVE-2020-13946</cve> |
| <cve>CVE-2020-17516</cve> |
| <cve>CVE-2021-44521</cve> |
| </suppress> |
| |
| <!-- https://issues.apache.org/jira/browse/CASSANDRA-14760 --> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl> |
| <cve>CVE-2018-10237</cve> |
| <cve>CVE-2020-8908</cve> |
| </suppress> |
| |
| <!-- https://issues.apache.org/jira/browse/CASSANDRA-16606 --> |
| <suppress> |
| <packageUrl regex="true">^pkg:maven/org\.apache\.thrift/libthrift@.*$</packageUrl> |
| <cve>CVE-2015-3254</cve> |
| <cve>CVE-2016-5397</cve> |
| <cve>CVE-2018-1320</cve> |
| <cve>CVE-2018-11798</cve> |
| <cve>CVE-2019-0205</cve> |
| </suppress> |
| </suppressions> |