| <?xml version="1.0" encoding="UTF-8"?> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd" |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| xsi:schemaLocation="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd"> |
| <suppress> |
| <notes><![CDATA[ subject of CVE is myfaces-core version, but not Tobago version ]]></notes> |
| <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav> |
| <cve>CVE-2011-4367</cve> |
| </suppress> |
| <suppress> |
| <!-- todo: it seems the CVE Database is no up-to-date: 1.3.3 contains the fix for that CVE (2017-06-15) --> |
| <notes><![CDATA[ file name: commons-fileupload-1.3.3.jar ]]></notes> |
| <gav regex="true">^commons-fileupload:commons-fileupload:1.3.3$</gav> |
| <cve>CVE-2016-1000031</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes> |
| <gav regex="true">^javax\.el:javax\.el-api:.*$</gav> |
| <cve>CVE-2015-2808</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ file name: javax.el-api-3.0.1-b04.jar ]]></notes> |
| <gav regex="true">^javax\.el:javax\.el-api:.*$</gav> |
| <cve>CVE-2013-2566</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ subject of CVE is Trinidad version, but not Tobago version ]]></notes> |
| <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav> |
| <cve>CVE-2016-5019</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ subject of CVE is MyFaces Core, but not Tobago ]]></notes> |
| <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav> |
| <cve>CVE-2011-4343</cve> |
| </suppress> |
| </suppressions> |