Suppress build failure for CVE-2025-58782 FileVault is not affected as it doesn't use JNDI

commit: 4e48737aa77a710a211d80cb1cdff6e5d96d0ea2 [log] [tgz]
author: Konrad Windszus <kwin@apache.org> Thu Sep 11 18:14:33 2025 +0200
committer: Konrad Windszus <konrad@windszus.net> Thu Sep 11 18:33:59 2025 +0200
tree: be06fca200baac3c7d58ce81affa67a59eb4e343
parent: c78cd6a74f09fbe6c7b48366707c3136580133e4 [diff]
diff --git a/suppressions.xml b/suppressions.xml
index b54582e..406b15e 100644
--- a/suppressions.xml
+++ b/suppressions.xml

@@ -78,4 +78,11 @@
        <packageUrl regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
        <cve>CVE-2021-4277</cve>
     </suppress>
+    <suppress>
+       <notes><![CDATA[
+       file name: jackrabbit-jcr-commons-2.20.17.jar with JNDI usage, not used in FileVault
+       ]]></notes>
+       <packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit-jcr-commons@.*$</packageUrl>
+       <vulnerabilityName>CVE-2025-58782</vulnerabilityName>
+    </suppress>
 </suppressions>
\ No newline at end of file
commit	4e48737aa77a710a211d80cb1cdff6e5d96d0ea2	[log] [tgz]
author	Konrad Windszus <kwin@apache.org>	Thu Sep 11 18:14:33 2025 +0200
committer	Konrad Windszus <konrad@windszus.net>	Thu Sep 11 18:33:59 2025 +0200
tree	be06fca200baac3c7d58ce81affa67a59eb4e343
parent	c78cd6a74f09fbe6c7b48366707c3136580133e4 [diff]