From fa1fbb49dc656ad33756d7e5dea13c27ae96a93e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois-Xavier=20Thomas?= <fx.thomas@gmail.com>
Date: Fri, 3 Jan 2020 23:35:32 +0100
Subject: [PATCH] Suppress CVE-2019-17563

---
 airsonic-main/cve-suppressed.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/airsonic-main/cve-suppressed.xml b/airsonic-main/cve-suppressed.xml
index b082b45b..82a2ae70 100644
--- a/airsonic-main/cve-suppressed.xml
+++ b/airsonic-main/cve-suppressed.xml
@@ -205,4 +205,9 @@
         <gav regex="true">.*jackson-databind.*</gav>
         <cve>CVE-2019-12384</cve>
     </suppress>
+    <suppress>
+        <notes>We do not use FORM-based authentication in Tomcat</notes>
+        <gav regex="true">org.apache.tomcat.embed.*</gav>
+        <cve>CVE-2019-17563</cve>
+    </suppress>
 </suppressions>