dependencycheck-root-suppression.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions
		xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
	<suppress>
		<!-- spring security -->
		<cve>CVE-2018-1258</cve>
	</suppress>
	<suppress>
		<!-- spring security -->
		<cve>CVE-2019-3795</cve>
	</suppress>

	<suppress>
	   <!-- old camel -->
	   <cve>CVE-2020-5398</cve>
	</suppress>

	<suppress>
	   <!-- old camel -->
	   <cve>CVE-2020-11971</cve>
	</suppress>

	<suppress>
	   <!-- SAML component -->
	   <cve>CVE-2020-5407</cve>
	</suppress>

	<!-- micrometer false positive -->
	<suppress>
		<cve>CVE-2008-1392</cve>
	</suppress>
	<suppress>
		<cve>CVE-2009-1147</cve>
	</suppress>

	<!-- json-smart (from transitive from spring-boot-starter-test)-->
	<suppress>
		<cve>CVE-2021-27568</cve>
	</suppress>

	<!-- old spring security (from camel) -->
	<suppress>
		<cve>CVE-2021-22112</cve>
	</suppress>

	<!-- old log 4j -->
	<suppress>
		<cve>CVE-2021-44228</cve>
	</suppress>
	<suppress>
		<packageUrl regex="true">^pkg:maven/io\.netty/netty\-tcnative\-classes@.*$</packageUrl>
		<cpe>cpe:/a:netty:netty</cpe>
	</suppress>
	<suppress>
		<cve>CVE-2016-1000027</cve>
	</suppress>
	<suppress>
		<!-- parsing untrusted yaml -->
		<cve>CVE-2022-1471</cve>
	</suppress>
	<suppress>
		<!-- parsing yaml might consume a lot of resources -->
		<cve>CVE-2022-3064</cve>
	</suppress>
	<suppress>
		<!-- false positive -->
		<cve>CVE-2022-45688</cve>
		<cve>CVE-2023-1370</cve>
	</suppress>
	<suppress>
		<cve>CVE-2023-1370</cve>
	</suppress>
	<suppress>
		<!-- snakeyaml, unable to upgrade -->
		<cve>CVE-2023-2251</cve>
		<cve>CVE-2022-25857</cve>
	</suppress>
	<suppress>
		<!-- jackson -->
		<cve>CVE-2022-45688</cve>
	</suppress>
	<suppress>
		<!-- netty -->
		<cve>CVE-2023-4586</cve>
	</suppress>
	<!-- xmlunit -->
	<suppress><cve>CVE-2024-31573</cve></suppress>
</suppressions>