forked from yahoo/elide
-
Notifications
You must be signed in to change notification settings - Fork 0
/
suppressions.xml
47 lines (36 loc) · 1.31 KB
/
suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<?xml version="1.0" encoding="UTF-8"?>
<suppressions
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
<!-- Tomcat - Only related to 'Windows Language Pack Installer" -->
<suppress until="2022-12-31">
<cve>CVE-2020-0822</cve>
</suppress>
<suppress until="2022-12-31">
<notes><![CDATA[Ignored since we are not vulnerable]]></notes>
<cve>CVE-2016-1000027</cve>
</suppress>
<!-- Tomcat - Not really used by Elide (only for tests) -->
<suppress until="2022-12-31">
<cve>CVE-2022-29885</cve>
</suppress>
<!-- There is no fix for hibernate search -->
<suppress until="2022-12-31">
<cve>CVE-2017-12629</cve>
</suppress>
<!-- CVE is not matching the correct spring version -->
<suppress until="2022-12-31">
<cve>CVE-2022-22978</cve>
</suppress>
<!-- log4j-api No New Version released -->
<suppress until="2022-12-31">
<cve>CVE-2022-33915</cve>
</suppress>
<!-- CVE is unrelated to jms-api -->
<suppress until="2022-12-31">
<cve>CVE-2022-31569</cve>
</suppress>
<!-- Upgraded to recommended graphql java. The matching CVE doesn't appear to be working -->
<suppress until="2022-12-31">
<cve>CVE-2022-37734</cve>
</suppress>
</suppressions>