|
|
|
@ -47,13 +47,6 @@ |
|
|
|
|
<cpe regex="true">.*</cpe> |
|
|
|
|
</suppress> |
|
|
|
|
|
|
|
|
|
<!-- Jetty is currently only used for developer experimentation --> |
|
|
|
|
<suppress> |
|
|
|
|
<notes>Jetty is currently only used for developer experimentations</notes> |
|
|
|
|
<gav regex="true">^org\.eclipse\.jetty:.*$</gav> |
|
|
|
|
<cpe>cpe:/a:org.eclipse.jetty:</cpe> |
|
|
|
|
</suppress> |
|
|
|
|
|
|
|
|
|
<!-- No git functionality is used from the following dependencies --> |
|
|
|
|
<suppress> |
|
|
|
|
<notes><![CDATA[file name: org.eclipse.persistence.core-2.5.1.jar]]></notes> |
|
|
|
@ -111,12 +104,6 @@ |
|
|
|
|
<cve>CVE-2016-5425</cve> |
|
|
|
|
</suppress> |
|
|
|
|
|
|
|
|
|
<!-- Jetty is currently disabled and not added to the built war --> |
|
|
|
|
<suppress> |
|
|
|
|
<notes><![CDATA[file name: jetty-schemas-3.1.jar]]></notes> |
|
|
|
|
<gav regex="true">^org\.eclipse\.jetty\..*$</gav> |
|
|
|
|
<cpe>cpe:/a:mortbay_jetty:jetty</cpe> |
|
|
|
|
</suppress> |
|
|
|
|
<!--Vulnerabilty lies in Database Clusterscripts--> |
|
|
|
|
<suppress> |
|
|
|
|
<notes><![CDATA[file name: postgresql-42.1.4.jar]]></notes> |
|
|
|
@ -184,17 +171,17 @@ |
|
|
|
|
<cvssBelow>9.0</cvssBelow> |
|
|
|
|
</suppress> |
|
|
|
|
<suppress> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jasper compat lib</notes> |
|
|
|
|
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> |
|
|
|
|
<cve>CVE-2016-5425</cve> |
|
|
|
|
</suppress> |
|
|
|
|
<suppress> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jasper compat lib</notes> |
|
|
|
|
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> |
|
|
|
|
<cve>CVE-2017-6056</cve> |
|
|
|
|
</suppress> |
|
|
|
|
<suppress> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jetty/jasper compat lib</notes> |
|
|
|
|
<notes>False positive for tomcat vuln in eclipse jasper compat lib</notes> |
|
|
|
|
<gav regex="true">^org\.mortbay\.jasper:apache-jsp:.*$</gav> |
|
|
|
|
<cve>CVE-2019-10072</cve> |
|
|
|
|
</suppress> |
|
|
|
|