forked from yahoo/elide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
31 lines (27 loc) · 1.07 KB
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
<suppress until="2019-12-01Z">
<notes><![CDATA[file name: jackson-databind-2.9.9.3.jar]]></notes>
<gav regex="true">^com\.fasterxml\.jackson\.core:jackson-databind.*$</gav>
<cve>CVE-2019-16335</cve>
<cve>CVE-2019-14540</cve>
</suppress>
<!-- Invalid web socket CVE (flagging wrong package) -->
<suppress until="2021-12-01Z">
<cve>CVE-2020-11050</cve>
</suppress>
<!-- Invalid Spring Security CVE -->
<suppress until="2021-12-01Z">
<cve>CVE-2018-1258</cve>
</suppress>
<!-- https://hibernate.atlassian.net/browse/HHH-14225 -->
<suppress until="2021-06-01Z">
<cve>CVE-2020-25638</cve>
</suppress>
<!-- Hibernate 3 CVE errors (only in the legacy hibernate 3 data store). Use Hibernate 3 at your own risk. -->
<suppress until="2031-06-01Z">
<cve>CVE-2020-25638</cve>
<cve>CVE-2019-14900</cve>
</suppress>
</suppressions>