[struts-examples] 01/02: Suppresses outdated dependencies

Sun, 07 Jun 2020 23:55:19 -0700 

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git

commit 86d3d9b950f1b80b5f61d0f5917ee04f431640c9
Author: Lukasz Lenart <lukaszlen...@apache.org>
AuthorDate: Mon Jun 8 08:54:26 2020 +0200

    Suppresses outdated dependencies
---
 src/etc/project-suppression.xml | 45 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/src/etc/project-suppression.xml b/src/etc/project-suppression.xml
index c3016de..6190d0e 100644
--- a/src/etc/project-suppression.xml
+++ b/src/etc/project-suppression.xml
@@ -148,4 +148,49 @@
         <packageUrl 
regex="true">^pkg:maven/org\.codehaus\.plexus/plexus\-utils@.*$</packageUrl>
         <vulnerabilityName>Possible XML Injection</vulnerabilityName>
     </suppress>
+    <suppress>
+        <notes><![CDATA[file name: dwr-1.1.1.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/uk\.ltd\.getahead/dwr@.*$</packageUrl>
+        <cpe>cpe:/a:getahead:direct_web_remoting</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <cpe>cpe:/a:apache:commons_collections</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>CVE-2015-6420</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>CVE-2017-15708</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-collections-3.2.1.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-collections/commons\-collections@.*$</packageUrl>
+        <vulnerabilityName>Remote code execution</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <cpe>cpe:/a:apache:commons_beanutils</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <vulnerabilityName>CVE-2014-0114</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: commons-beanutils-1.7.0.jar]]></notes>
+        <packageUrl 
regex="true">^pkg:maven/commons\-beanutils/commons\-beanutils@.*$</packageUrl>
+        <vulnerabilityName>CVE-2019-10086</vulnerabilityName>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[file name: dom4j-1.1.jar]]></notes>
+        <packageUrl regex="true">^pkg:maven/dom4j/dom4j@.*$</packageUrl>
+        <cpe>cpe:/a:dom4j_project:dom4j</cpe>
+    </suppress>
 </suppressions>
\ No newline at end of file

Reply via email to