diff --git a/airsonic-main/cve-suppressed.xml b/airsonic-main/cve-suppressed.xml
index b082b45b..82a2ae70 100644
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@@ -205,4 +205,9 @@
         <gav regex="true">.*jackson-databind.*</gav>
         <cve>CVE-2019-12384</cve>
     </suppress>
+    <suppress>
+        <notes>We do not use FORM-based authentication in Tomcat</notes>
+        <gav regex="true">org.apache.tomcat.embed.*</gav>
+        <cve>CVE-2019-17563</cve>
+    </suppress>
 </suppressions>