From 2a2d7bf1861a3c4bbc9a556893832134afccf6cd Mon Sep 17 00:00:00 2001
From: Michael Hoennig <michael@hoennig.de>
Date: Tue, 8 Oct 2024 19:47:35 +0200
Subject: [PATCH] OWASP suppressions and adding missing allowed licenses

---
 etc/allowed-licenses.json                  | 4 +++-
 etc/owasp-dependency-check-suppression.xml | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/etc/allowed-licenses.json b/etc/allowed-licenses.json
index 3b451848..65aa236e 100644
--- a/etc/allowed-licenses.json
+++ b/etc/allowed-licenses.json
@@ -1,7 +1,8 @@
 {
     "allowedLicenses": [
-        { "moduleLicense": "Apache 2.0" },
         { "moduleLicense": "Apache 2" },
+        { "moduleLicense": "Apache 2.0" },
+        { "moduleLicense": "Apache-2.0" },
         { "moduleLicense": "Apache License 2.0" },
         { "moduleLicense": "Apache License v2.0" },
         { "moduleLicense": "Apache License, Version 2.0" },
@@ -33,6 +34,7 @@
         { "moduleLicense": "GPL2 w/ CPE" },
 
         { "moduleLicense": "LGPL, version 2.1"},
+        { "moduleLicense": "LGPL-2.1-or-later"},
 
         { "moduleLicense": "MIT License" },
         { "moduleLicense": "MIT" },
diff --git a/etc/owasp-dependency-check-suppression.xml b/etc/owasp-dependency-check-suppression.xml
index af4269d4..271f1f6d 100644
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@@ -14,4 +14,10 @@
         <packageUrl regex="true">^pkg:maven/org\.pitest/pitest\-command\-line@.*$</packageUrl>
         <cpe>cpe:/a:line:line</cpe>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+           Malicious HTTP redirect in JAXB on a REST-endpoint is not that dangerous.
+        ]]></notes>
+        <cve>CVE-2024-9329</cve>
+    </suppress>
 </suppressions>