Suppressing false positive CVE-2020-7791 (#11215) * suppressing false positive CVE-2020-7791 * add comments

commit: 351059ca435233a5ddf60ef998b2fd4f3612f1e2 [log] [tgz]
author: Maytas Monsereenusorn <maytasm@apache.org> Thu May 06 15:24:12 2021 -0700
committer: GitHub <noreply@github.com> Thu May 06 15:24:12 2021 -0700
tree: 1d463661008aefb72fa6b12a79d9c2ac7d7175aa
parent: ac95f99d591a2dc7f23d1680ebb522ce369441da [diff]
diff --git a/owasp-dependency-check-suppressions.xml b/owasp-dependency-check-suppressions.xml
index 30147fb..5326442 100644
--- a/owasp-dependency-check-suppressions.xml
+++ b/owasp-dependency-check-suppressions.xml

@@ -158,6 +158,14 @@
     <cve>CVE-2019-17195</cve>
   </suppress>
   <suppress>
+    <!-- This CVE is a false positive. The CVE is not for apacheds-i18n -->
+    <notes><![CDATA[
+   file name: apacheds-i18n-2.0.0-M15.jar
+   ]]></notes>
+    <packageUrl regex="true">^pkg:maven/org\.apache\.directory\.server/apacheds\-i18n@.*$</packageUrl>
+    <cve>CVE-2020-7791</cve>
+  </suppress>
+  <suppress>
       <!-- TODO: Fix by using com.datastax.oss:java-driver-core instead of com.netflix.astyanax:astyanax in extensions-contrib/cassandra-storage -->
       <notes><![CDATA[
    file name: libthrift-0.6.1.jar
commit	351059ca435233a5ddf60ef998b2fd4f3612f1e2	[log] [tgz]
author	Maytas Monsereenusorn <maytasm@apache.org>	Thu May 06 15:24:12 2021 -0700
committer	GitHub <noreply@github.com>	Thu May 06 15:24:12 2021 -0700
tree	1d463661008aefb72fa6b12a79d9c2ac7d7175aa
parent	ac95f99d591a2dc7f23d1680ebb522ce369441da [diff]