mirror of https://github.com/apache/cassandra
64 lines
2.6 KiB
XML
64 lines
2.6 KiB
XML
<!--
|
|
~ Licensed to the Apache Software Foundation (ASF) under one
|
|
~ or more contributor license agreements. See the NOTICE file
|
|
~ distributed with this work for additional information
|
|
~ regarding copyright ownership. The ASF licenses this file
|
|
~ to you under the Apache License, Version 2.0 (the
|
|
~ "License"); you may not use this file except in compliance
|
|
~ with the License. You may obtain a copy of the License at
|
|
~
|
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
|
~
|
|
~ Unless required by applicable law or agreed to in writing, software
|
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
~ See the License for the specific language governing permissions and
|
|
~ limitations under the License.
|
|
-->
|
|
<!--
|
|
copy suppressions / false positives here if there are any, how to do it is explained in
|
|
https://jeremylong.github.io/DependencyCheck/general/suppression.html
|
|
-->
|
|
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-18943 -->
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>
|
|
<cve>CVE-2023-44487</cve>
|
|
</suppress>
|
|
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-20504 -->
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>
|
|
<cve>CVE-2025-25193</cve>
|
|
</suppress>
|
|
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-17966 -->
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
|
|
<cve>CVE-2023-35116</cve>
|
|
</suppress>
|
|
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 -->
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-20412 -->
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
|
|
<cve>CVE-2023-6378</cve>
|
|
<cve>CVE-2023-6481</cve>
|
|
<cve>CVE-2024-12798</cve>
|
|
<cve>CVE-2024-12801</cve>
|
|
</suppress>
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
|
|
<cve>CVE-2023-6378</cve>
|
|
<cve>CVE-2023-6481</cve>
|
|
<cve>CVE-2024-12798</cve>
|
|
<cve>CVE-2024-12801</cve>
|
|
</suppress>
|
|
|
|
<!-- https://issues.apache.org/jira/browse/CASSANDRA-20024 -->
|
|
<suppress>
|
|
<packageUrl regex="true">^pkg:maven/org\.apache\.lucene/lucene\-.*@9.7.0$</packageUrl>
|
|
<cve>CVE-2024-45772</cve>
|
|
</suppress>
|
|
</suppressions>
|