supressions_cve.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <suppress>
        <notes><![CDATA[
   file name: circe-refined_2.13-0.14.4.jar
   ]]></notes>
        <sha1>9bd0726f11ecb8f9a0b9c23365c47d7693634d0d</sha1>
        <cve>CVE-2021-34364</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: refined_2.13-0.9.29.jar
   ]]></notes>
        <sha1>d20a5338bf57204710769cb13aeb20a4568c9222</sha1>
        <cve>CVE-2021-34364</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: log4j-api-2.11.2.jar - no log4j-core (it's excluded, and the core is provided by ES)
   ]]></notes>
        <sha1>f5e9a2ffca496057d6891a3de65128efc636e26e</sha1>
        <cpe>cpe:/a:apache:log4j</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: log4j-slf4j-impl-2.11.2.jar - no log4j-core (it's excluded, and the core is provided by ES)
   ]]></notes>
        <sha1>4d44e4edc4a7fb39f09b95b09f560a15976fa1ba</sha1>
        <cpe>cpe:/a:apache:log4j</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: json-20230227.jar - fixed in given version (https://nvd.nist.gov/vuln/detail/CVE-2022-45688)
   ]]></notes>
        <sha1>7a0d4aca76513d8ce81f9b044ce8126b84809ad8</sha1>
        <cve>CVE-2022-45688</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bc-noncert-1.0.2.4.jar
   ]]></notes>
        <sha1>ab0203590a39ad2fe4c225ddfad70e6a552c8445</sha1>
        <cpe>cpe:/a:bouncycastle:fips_java_api</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bc-noncert-1.0.2.4.jar
   ]]></notes>
        <sha1>ab0203590a39ad2fe4c225ddfad70e6a552c8445</sha1>
        <cpe>cpe:/a:bouncycastle:legion-of-the-bouncy-castle</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bc-noncert-1.0.2.4.jar
   ]]></notes>
        <sha1>ab0203590a39ad2fe4c225ddfad70e6a552c8445</sha1>
        <cpe>cpe:/a:bouncycastle:legion-of-the-bouncy-castle-fips-java-api</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bctls-fips-1.0.17.jar
   ]]></notes>
        <sha1>353dc73006f5135f0816872f4437e1b459ff7cf7</sha1>
        <cve>CVE-2024-34447</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: circe-refined_3-0.14.6.jar
   ]]></notes>
        <sha1>7bff5294e89eba178f7c29b0bfb0d976ad264c65</sha1>
        <cve>CVE-2021-34364</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: refined_3-0.11.2.jar
   ]]></notes>
        <sha1>444be8623bb171bd83a15ed2c2aff1792a857ad4</sha1>
        <cve>CVE-2021-34364</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: bc-noncert-1.0.2.4.jar
   ]]></notes>
        <sha1>ab0203590a39ad2fe4c225ddfad70e6a552c8445</sha1>
        <cve>CVE-2023-33202</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.13.5.jar (https://github.com/FasterXML/jackson-databind/issues/3972) - it's a false positive. Should be revoked in future
   ]]></notes>
        <sha1>aa95e46dbc32454f3983221d420e78ef19ddf844</sha1>
        <cpe>cpe:/a:fasterxml:jackson-databind</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.13.5.jar (https://github.com/FasterXML/jackson-databind/issues/3972) - it's a false positive. Should be revoked in future
   ]]></notes>
        <sha1>aa95e46dbc32454f3983221d420e78ef19ddf844</sha1>
        <cpe>cpe:/a:fasterxml:jackson-modules-java8</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.13.5.jar (https://github.com/FasterXML/jackson-databind/issues/3972) - it's a false positive. Should be revoked in future
   ]]></notes>
        <sha1>aa95e46dbc32454f3983221d420e78ef19ddf844</sha1>
        <cve>CVE-2023-35116</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[hostname verification is enabled in SSLCertHelper]]></notes>
        <sha1>196a9c42b23c0326f6fe53f8be06b706ca1f0fe4</sha1>
        <cve>CVE-2023-4586</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: jackson-databind-2.15.2.jar - false positive (https://github.com/FasterXML/jackson-databind/issues/3972)
   ]]></notes>
        <sha1>9353b021f10c307c00328f52090de2bdb4b6ff9c</sha1>
        <cve>CVE-2023-35116</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: ror-shadowed-libs-all.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.13.5)
   ]]></notes>
        <sha1>b98c202808e209a8d691981f9b956d3cf37a4351</sha1>
        <cve>CVE-2023-35116</cve>
    </suppress>
</suppressions>