hs.hsadmin.ng/etc/owasp-dependency-check-suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
            We don't use the Spring HTTP invoker which causes this vulnerability due to Java deserialization.
        ]]></notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
           We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
        <cve>CVE-2022-42003</cve>
    </suppress>
</suppressions>
add OWASP dependencyCheck 2022-08-04 12:26:41 +02:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">`
			`<suppress>`
			`<notes><![CDATA[`
			`We don't use the Spring HTTP invoker which causes this vulnerability due to Java deserialization.`
			`]]></notes>`
			`<packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>`
			`<cve>CVE-2016-1000027</cve>`
			`</suppress>`
dependency upgrades and suppress irrelevant security vulnerability in jackson-databind 2022-10-05 06:31:53 +02:00			`<suppress>`
			`<notes><![CDATA[`
			`We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.`
			`]]></notes>`
			`<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>`
			`<cve>CVE-2022-42003</cve>`
			`</suppress>`
add OWASP dependencyCheck 2022-08-04 12:26:41 +02:00			`</suppressions>`