From 58daacd9abce2c63c98a4907ad1f2953519c3fc7 Mon Sep 17 00:00:00 2001
From: jvoisin <julien.voisin@dustri.org>
Date: Thu, 16 May 2019 00:13:12 +0200
Subject: [PATCH] Jetty is only used by developers, and never in production

So we're free to completely ignore CVE against it.
---
 airsonic-main/cve-suppressed.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/airsonic-main/cve-suppressed.xml b/airsonic-main/cve-suppressed.xml
index f04c3899..34ddc8de 100644
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@@ -49,9 +49,9 @@
 
     <!-- Jetty is currently only used for developer experimentation -->
     <suppress>
-        <notes><![CDATA[file name: jetty-schemas-3.1.jar]]></notes>
-        <gav regex="true">^org\.eclipse\.jetty\.toolchain:jetty-schemas:.*$</gav>
-        <cve>CVE-2017-9735</cve>
+        <notes>Jetty is currently only used for developer experimentations</notes>
+        <gav regex="true">^org\.eclipse\.jetty:.*$</gav>
+        <cpe>cpe:/a:org.eclipse.jetty:</cpe>
     </suppress>
 
     <!-- No git functionality is used from the following dependencies -->