diff --git a/airsonic-main/cve-suppressed.xml b/airsonic-main/cve-suppressed.xml
index 548e6b40..caa93990 100644
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@@ -168,4 +168,39 @@
^com\.sun\.xml\.bind\.external:relaxng-datatype:.*
CVE-2018-18749
+
+ False positive for jflac-codec
+ .*jflac-codec.*
+ CVE-2018-14948
+
+
+ We do not enable default typing for jackson
+ .*jackson-databind.*
+ CVE-2019-12814
+
+
+ We do not sue the liquibase sdk
+ .*liquibase/sdk/.*
+ 9.0
+
+
+ False positive for tomcat vuln in eclipse jetty/jasper compat lib
+ ^org\.mortbay\.jasper:apache-jsp:.*$
+ CVE-2016-5425
+
+
+ False positive for tomcat vuln in eclipse jetty/jasper compat lib
+ ^org\.mortbay\.jasper:apache-jsp:.*$
+ CVE-2017-6056
+
+
+ False positive for tomcat vuln in eclipse jetty/jasper compat lib
+ ^org\.mortbay\.jasper:apache-jsp:.*$
+ CVE-2019-10072
+
+
+ This cve is for apache standard taglibs before 1.2.3. However jstl:1.2 is a separate PROVIDED lib
+ ^javax\.servlet:jstl:.*$
+ CVE-2015-0254
+
diff --git a/airsonic-main/pom.xml b/airsonic-main/pom.xml
index d50db52b..e2166468 100755
--- a/airsonic-main/pom.xml
+++ b/airsonic-main/pom.xml
@@ -538,7 +538,7 @@
org.postgresql
postgresql
- 42.1.4
+ 42.2.5
runtime
diff --git a/pom.xml b/pom.xml
index 6277f7c7..5f8c669d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,7 @@
UTF-8
3.3.1
2.9.9
+ 8.5.42
@@ -87,7 +88,7 @@
org.springframework.boot
spring-boot-dependencies
- 1.5.20.RELEASE
+ 1.5.21.RELEASE
pom
import
@@ -192,37 +193,37 @@
org.apache.tomcat.embed
tomcat-embed-core
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat.embed
tomcat-embed-el
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat.embed
tomcat-embed-jasper
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat.embed
tomcat-embed-websocket
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat
tomcat-annotations-api
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat
tomcat-jdbc
- 8.5.40
+ ${tomcat.version}
org.apache.tomcat
tomcat-juli
- 8.5.40
+ ${tomcat.version}
@@ -300,7 +301,7 @@
org.owasp
dependency-check-maven
- 4.0.0
+ 5.0.0
true
true