remove further unnecessary excludes

2024-03-31 14:05:32 +02:00 · 2024-03-31 14:05:32 +02:00 · 952fafffdb
commit 952fafffdb
parent bdcde1519b
1 changed files with 0 additions and 35 deletions
--- a/etc/owasp-dependency-check-suppression.xml
+++ b/etc/owasp-dependency-check-suppression.xml
@ -1,33 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress>
-        <notes><![CDATA[
-            We don't use the Spring HTTP invoker which causes this vulnerability due to Java deserialization.
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-           We don't use the UNWRAP_SINGLE_VALUE_ARRAYS feature and thus are not affected.
-   ]]></notes>
-        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
-        <cve>CVE-2022-42003</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-            We don't parse external XML.
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/org\.eclipse\.angus/angus\-activation@.*$</packageUrl>
-        <cpe>cpe:/a:eclipse:eclipse_ide</cpe>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
-               We don't parse external XML.
-        ]]></notes>
-        <packageUrl regex="true">^pkg:maven/jakarta\.activation/jakarta\.activation\-api@.*$</packageUrl>
-        <cpe>cpe:/a:eclipse:eclipse_ide</cpe>
-    </suppress>
    <suppress>
        <notes><![CDATA[
           Cyclic references are not possible if file comes in JSON text format.
@ -35,13 +7,6 @@
        <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
        <cpe>cpe:/a:fasterxml:jackson-databind</cpe>
    </suppress>
-    <suppress>
-        <notes><![CDATA[
-           As far as I see Criteria.parse(...) cannot be reached with external data.
-       ]]></notes>
-        <packageUrl regex="true">^pkg:maven/com\.jayway\.jsonpath/json\-path@.*$</packageUrl>
-        <vulnerabilityName>CVE-2023-51074</vulnerabilityName>
-    </suppress>
    <suppress>
        <notes><![CDATA[
           Internal tooling, not exposed to the Internet.