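<?xml version="1.0" encoding="UTF-8"?>
<!--
  OWASP DependencyCheck suppression rules.

  Every rule below hides scanner findings, so each one should stay as narrow as
  its justification: pin the package with packageUrl, and prefer a single
  vulnerabilityName over a whole CPE when only one advisory is in dispute.
  Review the rules whenever the matched dependencies are upgraded.
-->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

  <!--
    H2: one named CVE, suppressed only for major versions 2 to 9 and 10 or higher.
    The version part of the regex does not match 0.x or 1.x, so those releases
    are still reported.
  -->
  <suppress>
    <notes><![CDATA[
      h2-2.x is not version 1.4.x. Also dev claims not a real issue and doesn't intend to fix it.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.h2database/h2@(?:[1-9][0-9]+|[2-9])\..*$</packageUrl>
    <vulnerabilityName>CVE-2018-14335</vulnerabilityName>
  </suppress>

  <!--
    JUnit 5 artifacts: the scanner attributes the fan_platform CPE to these
    packages. The three rules drop that CPE match for every version of the
    listed artifacts; findings under any other CPE are unaffected.
  -->
  <suppress>
    <notes><![CDATA[
      junit-platform-engine is not Caoyongqi912/Fan_Platform
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.junit\.platform/junit\-platform\-engine@.*$</packageUrl>
    <cpe>cpe:/a:fan_platform_project:fan_platform</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
      junit-jupiter-engine is not Caoyongqi912/Fan_Platform
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.junit\.jupiter/junit\-jupiter\-engine@.*$</packageUrl>
    <cpe>cpe:/a:fan_platform_project:fan_platform</cpe>
  </suppress>
  <suppress>
    <notes><![CDATA[
      junit-platform-commons is not Caoyongqi912/Fan_Platform
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.junit\.platform/junit\-platform\-commons@.*$</packageUrl>
    <cpe>cpe:/a:fan_platform_project:fan_platform</cpe>
  </suppress>

  <!--
    Quartz: time-limited rule. Once the "until" date has passed the scanner
    stops applying it and the finding is reported again.

    NOTE(review): the notes justify one CVE in quartz-jobs, but this rule drops
    the whole cpe:/a:softwareag:quartz match for every quartz version, so any
    later advisory filed under that CPE is hidden as well until the rule
    expires. Where possible, replace the cpe element with a vulnerabilityName
    element naming only the disputed CVE.

    The base="true" flag was removed: it marks rules bundled with the scanner
    and keeps them out of the report's "suppressed" section. A project-level
    rule should remain visible there so the suppression can be audited, as the
    other rules in this file are.
  -->
  <suppress until="2025-01-01Z">
    <notes><![CDATA[
      The CVE is for quartz-jobs which is in a submodule that (currently) is not included in any of my projects.
      Reason for the limited timeline is that a newer version is being worked on so even though it's a false positive it's better to upgrade then forever suppress.
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.quartz-scheduler/quartz@.*$</packageUrl>
    <cpe>cpe:/a:softwareag:quartz</cpe>
  </suppress>

</suppressions>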