owasp-suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <notes><![CDATA[
        This suppresses all CVE entries that have a score below CVSS 8.
        ]]></notes>
        <cvssBelow>8</cvssBelow>
    </suppress>
    <suppress>
        <!-- simple-xml-safe is fine but it is flagged as the same as simple-xml -->
        <notes><![CDATA[file name: simple-xml-safe-2.7.1.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/com\.carrotsearch\.thirdparty/simple\-xml\-safe@.*$</packageUrl>
        <cve>CVE-2017-1000190</cve>
    </suppress>
    <suppress>
        <notes>CVE about the Minio server, not java client</notes>
        <cve>CVE-2021-43858</cve>
    </suppress>
     <suppress>
        <notes>self-registration not used</notes>
        <cve>CVE-2023-4918</cve>
    </suppress>
    <suppress>
        <notes>AuthenticatedVoter no used</notes>
        <cve>CVE-2024-22257</cve>
    </suppress>
    <suppress>
        <notes>no UriComponentsBuilder</notes>
        <cve>CVE-2024-22243</cve>
    </suppress>
    <suppress>
        <notes>not valid for api</notes>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring.*$</packageUrl>
        <cve>CVE-2016-1000027</cve>
    </suppress>
    <suppress>
        <notes>no untrusted source</notes>
        <cve>CVE-2022-1471</cve>
    </suppress>
</suppressions>