| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. --> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| |
| <!-- Wrong GAV detection --> |
| <suppress> |
| <notes><![CDATA[file name: scim-server-*.jar]]></notes> |
| <gav regex="true">^org\.apache\.directory\.scim:.*$</gav> |
| <cpe>cpe:/a:apache:apache_http_server</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: scim-server-*.jar]]></notes> |
| <gav regex="true">^org\.apache\.directory\.scim:.*$</gav> |
| <cpe>cpe:/a:apache:http_server</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| Weld contains META-INF/client/probe.js which includes old versions of bootstrap and JQuery |
| Weld is only used in an example, and the JS client is not used |
| file name: weld-probe-core-4.0.3.Final.jar: probe.js]]></notes> |
| <packageUrl regex="true">^pkg:javascript/bootstrap@.*$</packageUrl> |
| <cve>CVE-2017-18214</cve> |
| <cve>CVE-2022-24785</cve> |
| <cve>CVE-2015-9251</cve> |
| <cve>CVE-2016-10735</cve> |
| <cve>CVE-2018-14040</cve> |
| <cve>CVE-2018-14041</cve> |
| <cve>CVE-2018-14042</cve> |
| <cve>CVE-2019-11358</cve> |
| <cve>CVE-2019-8331</cve> |
| <cve>CVE-2020-11022</cve> |
| <cve>CVE-2020-11023</cve> |
| <vulnerabilityName>Regular Expression Denial of Service (ReDoS)</vulnerabilityName> |
| <vulnerabilityName>reDOS - regular expression denial of service</vulnerabilityName> |
| </suppress> |
| |
| <suppress> |
| <notes><![CDATA[ |
| False positive: wrong GAV |
| fan_platform is a python project |
| file name: junit-platform-engine-1.8.2.jar]]></notes> |
| <cpe>cpe:/a:fan_platform_project:fan_platform</cpe> |
| </suppress> |
| |
| </suppressions> |