| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to you under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| <suppress> |
| <notes><![CDATA[file name: commons-net-.*.jar]]></notes> |
| <gav regex="true">^commons-net:commons-net:.*$</gav> |
| <cpe>cpe:/a:echo_project:echo</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: cloudera-manager-api-swagger.*.jar]]></notes> |
| <gav regex="true">^com\.cloudera\.api\.swagger:cloudera-manager-api-swagger:.*$</gav> |
| <cpe>cpe:/a:cloudera:cloudera_manager</cpe> |
| <cpe>cpe:/a:cloudera:manager</cpe> |
| <cpe>cpe:/a:swagger:swagger-codegen</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: amqp-client-.*.jar]]></notes> |
| <gav regex="true">^com\.rabbitmq:amqp-client:.*$</gav> |
| <cpe>cpe:/a:pivotal_software:rabbitmq</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: forbiddenapis.*.jar]]></notes> |
| <gav regex="true">^de\.thetaphi:forbiddenapis:.*$</gav> |
| <cpe>cpe:/a:gradle:gradle</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: netty-*.Final.jar]]></notes> |
| <gav regex="true">^io\.netty:netty:.*$</gav> |
| <cve>CVE-2019-16869</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: javax.jws-api-.*.jar]]></notes> |
| <gav regex="true">^javax\.jws:javax\.jws-api:.*$</gav> |
| <cpe>cpe:/a:oracle:glassfish</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: curator-.*.jar]]></notes> |
| <gav regex="true">^org\.apache\.curator:curator-.*:.*$</gav> |
| <cpe>cpe:/a:apache:zookeeper</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: apacheds-all-2.0.0-M24.jar (shaded: org.apache.directory.api:api-util:1.0.0)]]></notes> |
| <gav regex="true">^org\.apache\.directory\.api:.*$</gav> |
| <cve>CVE-2015-3250</cve> <!-- Already past 1.0.0-M30 --> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: apacheds-.*.jar]]></notes> |
| <gav regex="true">^org\.apache\.directory\.server:apacheds-.*$</gav> |
| <cpe>cpe:/a:apache:apache_http_server</cpe> |
| <cpe>cpe:/a:apache:http_server</cpe> |
| <cpe>cpe:/a:net-ldap_project:net-ldap</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: gateway-.*.jar]]></notes> |
| <gav regex="true">^org\.apache\.knox:gateway-.*:.*$</gav> |
| <cpe>cpe:/a:apache:ambari</cpe> |
| <cpe>cpe:/a:apache:apache_http_server</cpe> |
| <cpe>cpe:/a:apache:apache_test</cpe> |
| <cpe>cpe:/a:apache:hadoop</cpe> |
| <cpe>cpe:/a:apache:hbase</cpe> |
| <cpe>cpe:/a:apache:hive</cpe> |
| <cpe>cpe:/a:apache:http_server</cpe> |
| <cpe>cpe:/a:apache:impala</cpe> |
| <cpe>cpe:/a:apache:nifi</cpe> |
| <cpe>cpe:/a:apache:shiro</cpe> |
| <cpe>cpe:/a:apache:storm</cpe> |
| <cpe>cpe:/a:content_project:content</cpe> |
| <cpe>cpe:/a:jwt_project:jwt</cpe> |
| <cpe>cpe:/a:request_it:request_it</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: hadoop-examples-.*.jar]]></notes> |
| <gav regex="true">^org\.apache\.knox:hadoop-examples:.*$</gav> |
| <cpe>cpe:/a:apache:hadoop</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: zookeeper.*.jar]]></notes> |
| <gav regex="true">^org\.apache\.zookeeper:zookeeper:.*$</gav> |
| <cve>CVE-2014-0085</cve> |
| <cve>CVE-2018-8012</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: groovy-.*.jar]]></notes> |
| <gav regex="true">^org\.codehaus\.groovy:groovy-.*:.*$</gav> |
| <cve>CVE-2016-6497</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: jackson-jaxrs-.*.jar]]></notes> |
| <gav regex="true">^org\.codehaus\.jackson:jackson-jaxrs:.*$</gav> |
| <cpe>cpe:/a:content_project:content</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: jettison-.*.jar]]></notes> |
| <gav regex="true">^org\.codehaus\.jettison:jettison:.*$</gav> |
| <cpe>cpe:/a:st_project:st</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: eclipse persistence jars]]></notes> |
| <gav regex="true">^org\.eclipse\.persistence:.*$</gav> |
| <cpe>cpe:/a:git:git</cpe> |
| <cpe>cpe:/a:git_project:git</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: ha-api-.*.jar]]></notes> |
| <gav regex="true">^org\.glassfish\.ha:ha-api:.*$</gav> |
| <cpe>cpe:/a:eclipse:eclipse_ide</cpe> |
| <cpe>cpe:/a:oracle:glassfish</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[org.glassfish.jaxb:xsom)]]></notes> |
| <gav regex="true">^org\.glassfish\.jaxb:xsom:.*$</gav> |
| <cpe>cpe:/a:oracle:glassfish</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: cas-client-core.*.jar]]></notes> |
| <gav regex="true">^org\.jasig\.cas\.client:cas-client-core:.*$</gav> |
| <cwe>611</cwe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: apache-jsp-.*.jar]]></notes> |
| <gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> |
| <cpe>cpe:/a:apache:tomcat</cpe> |
| <cpe>cpe:/a:apache_software_foundation:tomcat</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[slf4j-ext and EventData not used]]></notes> |
| <gav regex="true">^org\.slf4j:.*$</gav> |
| <cve>CVE-2018-8088</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: spring-vault-core-.*.jar]]></notes> |
| <gav regex="true">^org\.springframework\.vault:spring-vault-core:.*$</gav> |
| <cpe>cpe:/a:pivotal:spring_framework</cpe> |
| <cpe>cpe:/a:pivotal_software:spring_framework</cpe> |
| <cpe>cpe:/a:springsource:spring_framework</cpe> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[file name: xz-.*.jar]]></notes> |
| <gav regex="true">^org\.tukaani:xz:.*$</gav> |
| <cve>CVE-2015-4035</cve> |
| </suppress> |
| </suppressions> |