| <?xml version="1.0" encoding="UTF-8"?> |
| <!-- |
| |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| --> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| <!-- add supressions for false-positives detected by OWASP Dependency Check --> |
| |
| |
| <!-- .NET CVE misdetected --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: avro-1.10.2.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.apache\.avro/avro@.*$</packageUrl> |
| <cve>CVE-2021-43045</cve> |
| </suppress> |
| |
| <!-- various issues shaded with current pulsar-client --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: pulsar-client-2.8.2.jar (shaded: io.netty:netty-tcnative-classes:2.0.46.Final) |
| ]]></notes> |
| <sha1>a7320b070f2c6a163d8c4c2950ff17082a2b33d4</sha1> |
| <cve>CVE-2014-3488</cve> |
| <cve>CVE-2015-2156</cve> |
| <cve>CVE-2019-16869</cve> |
| <cve>CVE-2019-20444</cve> |
| <cve>CVE-2019-20445</cve> |
| <cve>CVE-2021-21290</cve> |
| <cve>CVE-2021-21295</cve> |
| <cve>CVE-2021-21409</cve> |
| <cve>CVE-2021-37136</cve> |
| <cve>CVE-2021-37137</cve> |
| <cve>CVE-2021-43797</cve> |
| </suppress> |
| |
| <suppress> |
| <notes><![CDATA[ |
| file name: pulsar-client-2.8.2.jar (shaded: org.apache.avro:avro:1.10.2) |
| ]]></notes> |
| <sha1>5cb8867fb7a5076528ed53b4f94cabfdbfb57115</sha1> |
| <cve>CVE-2021-43045</cve> |
| </suppress> |
| |
| <suppress> |
| <notes><![CDATA[ |
| file name: pulsar-client-2.8.2.jar (shaded: org.apache.avro:avro-protobuf:1.10.2) |
| ]]></notes> |
| <sha1>01f03a6cdb87d323802420a904363d2a282bb61a</sha1> |
| <cve>CVE-2021-43045</cve> |
| </suppress> |
| |
| </suppressions> |