forked from finos/traderX
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathgradle-cve-ignore-list.xml
28 lines (28 loc) · 1.28 KB
/
gradle-cve-ignore-list.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress>
<notes><![CDATA[Not using webAdminPassword startup parameter]]></notes>
<filePath regex="true">.*\bh2-2\.2\.224\.jar</filePath>
<cve>CVE-2022-45868</cve>
</suppress>
<suppress>
<notes><![CDATA[Not running backups]]></notes>
<filePath regex="true">.*\bh2-2\.2\.224\.jar</filePath>
<cve>CVE-2018-14335</cve>
</suppress>
<suppress>
<notes><![CDATA[Ignoring, since we don't unmarshal XML to JSON; see https://github.com/stleary/JSON-java/issues/708]]></notes>
<filePath regex="true">.*\bjson-20231013\.jar</filePath>
<cve>CVE-2022-45688</cve>
</suppress>
<suppress>
<notes><![CDATA[BrotliInterceptor is not used, see https://nvd.nist.gov/vuln/detail/CVE-2023-3782]]></notes>
<filePath regex="true">.*\bokhttp-4\.10\.0\.jar</filePath>
<cve>CVE-2023-3782</cve>
</suppress>
<suppress>
<notes><![CDATA[GzipSource class is not used, see https://nvd.nist.gov/vuln/detail/CVE-2023-3635]]></notes>
<filePath regex="true">.*\bokio-jvm-3\.0\.0\.jar</filePath>
<cve>CVE-2023-3635</cve>
</suppress>
</suppressions>