src/main/resources/tobago/dependency-check-suppression-for-tobago-2.0.xml - myfaces-build-tools - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
   <suppress>
     <notes><![CDATA[ subject of CVE is myfaces-core version, but not Tobago version ]]></notes>
     <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav>
     <cve>CVE-2011-4367</cve>
   </suppress>
   <suppress>
     <!-- todo: it seems the CVE Database is no up-to-date: 1.3.3 contains the fix for that CVE (2017-06-15) -->
     <notes><![CDATA[ file name: commons-fileupload-1.3.3.jar ]]></notes>
     <gav regex="true">^commons-fileupload:commons-fileupload:1.3.3$</gav>
     <cve>CVE-2016-1000031</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes>
     <gav regex="true">^javax\.el:javax\.el-api:.*$</gav>
     <cve>CVE-2015-2808</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes>
     <gav regex="true">^javax\.el:javax\.el-api:.*$</gav>
     <cve>CVE-2013-2566</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[ subject of CVE is Trinidad version, but not Tobago version  ]]></notes>
     <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav>
     <cve>CVE-2016-5019</cve>
   </suppress>
   <suppress>
     <notes><![CDATA[ subject of CVE is MyFaces Core, but not Tobago ]]></notes>
     <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav>
     <cve>CVE-2011-4343</cve>
   </suppress>
 </suppressions>
	<?xml version="1.0" encoding="UTF-8"?>
	<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
	<suppress>
	<notes><![CDATA[ subject of CVE is myfaces-core version, but not Tobago version ]]></notes>
	<gav regex="true">^org\.apache\.myfaces\.tobago:.:.$</gav>
	<cve>CVE-2011-4367</cve>
	</suppress>
	<suppress>
	<!-- todo: it seems the CVE Database is no up-to-date: 1.3.3 contains the fix for that CVE (2017-06-15) -->
	<notes><![CDATA[ file name: commons-fileupload-1.3.3.jar ]]></notes>
	<gav regex="true">^commons-fileupload:commons-fileupload:1.3.3$</gav>
	<cve>CVE-2016-1000031</cve>
	</suppress>
	<suppress>
	<notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes>
	<gav regex="true">^javax\.el:javax\.el-api:.*$</gav>
	<cve>CVE-2015-2808</cve>
	</suppress>
	<suppress>
	<notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes>
	<gav regex="true">^javax\.el:javax\.el-api:.*$</gav>
	<cve>CVE-2013-2566</cve>
	</suppress>
	<suppress>
	<notes><![CDATA[ subject of CVE is Trinidad version, but not Tobago version ]]></notes>
	<gav regex="true">^org\.apache\.myfaces\.tobago:.:.$</gav>
	<cve>CVE-2016-5019</cve>
	</suppress>
	<suppress>
	<notes><![CDATA[ subject of CVE is MyFaces Core, but not Tobago ]]></notes>
	<gav regex="true">^org\.apache\.myfaces\.tobago:.:.$</gav>
	<cve>CVE-2011-4343</cve>
	</suppress>
	</suppressions>