forked from igniterealtime/Openfire
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.dependency-check-suppressions.xml
43 lines (43 loc) · 1.99 KB
/
.dependency-check-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[
Ignore Openfire for the search jar, else dependency-check picks up every Openfire CVE since Openfire v1.7.2
file name: search.jar: search-1.7.2.jar
]]> </notes>
<packageUrl regex="true">^pkg:maven/org\.igniterealtime\.openfire\.plugins/search@.*$</packageUrl>
<cpe>cpe:/a:igniterealtime:openfire</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Ignore Openfire for the search jar, else dependency-check picks up every Openfire CVE since Openfire v1.7.2
file name: search.jar: search-1.7.2.jar
]]> </notes>
<packageUrl regex="true">^pkg:maven/org\.igniterealtime\.openfire\.plugins/search@.*$</packageUrl>
<cpe>cpe:/a:ignite_realtime:openfire</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Ignore tag_project:tag - it's an MP3 tagging tool, and nothing to do with Apache Taglibs.
file name: taglibs-standard-impl-1.2.5.jar
]]> </notes>
<packageUrl regex="true">^pkg:maven/org\.apache\.taglibs/taglibs\-standard\-impl@.*$</packageUrl>
<cpe>cpe:/a:tag_project:tag</cpe>
</suppress>
<suppress>
<notes><![CDATA[
Ignore a CVE related to JDom2 when setExpandEntities is enabled. JDom2 is used by Rome, which doesn't use this feature, so is immune.
https://github.com/rometools/rome/issues/469
file name: jdom2-2.0.6.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/org\.jdom/jdom2@.*$</packageUrl>
<cve>CVE-2021-33813</cve>
</suppress>
<suppress>
<notes><![CDATA[
Ignore an old CVE related to permissions when calling com.google.common.io.Files.createTempDir - we don't use this method
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
</suppress>
</suppressions>