-
Notifications
You must be signed in to change notification settings - Fork 2
/
dependency-check-suppressions.xml
26 lines (24 loc) · 1.33 KB
/
dependency-check-suppressions.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<!-- Suppress false positives for spring security -->
<suppress>
<notes>Only vulnerable when used in combination with Spring 5.0.5, we use 5.3+</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-.*@.*$</packageUrl>
<cve>CVE-2018-1258</cve>
</suppress>
<suppress>
<notes>Spring Security RSA uses a different version than Spring Security</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-rsa@.*$</packageUrl>
<cpe>cpe:/a:pivotal:spring_security_oauth</cpe>
</suppress>
<suppress>
<notes>Spring Security RSA uses a different version than Spring Security</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-rsa@.*$</packageUrl>
<cpe>cpe:/a:pivotal_software:spring_security</cpe>
</suppress>
<suppress>
<notes>Spring Security RSA uses a different version than Spring Security</notes>
<packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring\-security\-rsa@.*$</packageUrl>
<cpe>cpe:/a:vmware:springsource_spring_security</cpe>
</suppress>
</suppressions>