1 <?xml version="1.0" encoding="UTF-8"?>
2 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
4 <!-- json isn’t affected by CVE-2008-0732 which is a SUSE-specific init script bug -->
6 file name: json-20090211_1.jar
8 <gav regex="true">^org\.apache\.geronimo\.bundles:json:.*$</gav>
9 <cve>CVE-2008-0732</cve>
12 <!-- This isn’t git -->
13 <gav regex="true">^org\.eclipse\.persistence:org\.eclipse\.persistence\..*$</gav>
14 <cpe>cpe:/a:git:git</cpe>
17 <!-- We’ve fixed CVE-2015-1778 -->
18 <gav regex="true">^org\.opendaylight\..*$</gav>
19 <cve>CVE-2015-1778</cve>
24 file name: jaxb-api-2.2.2.jar
26 <gav regex="true">^javax\.xml\.bind:jaxb-api:.*$</gav>
27 <cpe>cpe:/a:oracle:glassfish</cpe>
30 <!-- Fixed after Pax 20140703 -->
31 <gav regex="true">^org\.ops4j\.pax\..*$</gav>
32 <cve>CVE-2015-1193</cve>
35 <!-- Fixed after Pax 20140703 -->
36 <gav regex="true">^org\.ops4j\.pax\..*$</gav>
37 <cve>CVE-2015-1194</cve>
40 <!-- 9.2.22 fixes CVE-2017-9735 -->
41 <gav regex="true">^org\.eclipse\.jetty:.*$</gav>
42 <cve>CVE-2017-9735</cve>