Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-ports
 Path: blob/main/databases/cassandra4/files/maven/dependency-check-suppressions.xml
46786 views
1
<!--

2
  ~ Licensed to the Apache Software Foundation (ASF) under one

3
  ~ or more contributor license agreements.  See the NOTICE file

4
  ~ distributed with this work for additional information

5
  ~ regarding copyright ownership.  The ASF licenses this file

6
  ~ to you under the Apache License, Version 2.0 (the

7
  ~ "License"); you may not use this file except in compliance

8
  ~ with the License.  You may obtain a copy of the License at

9
  ~

10
  ~     http://www.apache.org/licenses/LICENSE-2.0

11
  ~

12
  ~ Unless required by applicable law or agreed to in writing, software

13
  ~ distributed under the License is distributed on an "AS IS" BASIS,

14
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

15
  ~ See the License for the specific language governing permissions and

16
  ~ limitations under the License.

17
  -->

18
<!--

19
  copy suppressions / false positives here if there are any, how to do it is explained in

20
  https://jeremylong.github.io/DependencyCheck/general/suppression.html

21
-->

22
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

23
    <suppress>

24
        <!--  https://issues.apache.org/jira/browse/CASSANDRA-17907 -->

25
        <packageUrl regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>

26
        <cve>CVE-2022-1471</cve>

27
        <cve>CVE-2022-25857</cve>

28
        <cve>CVE-2022-38749</cve>

29
        <cve>CVE-2022-38750</cve>

30
        <cve>CVE-2022-38751</cve>

31
        <cve>CVE-2022-38752</cve>

32
        <cve>CVE-2022-41854</cve>

33
    </suppress>

34
    <suppress>

35
        <!-- not applicable https://nvd.nist.gov/vuln/detail/CVE-2020-8908 -->

36
        <packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>

37
        <cve>CVE-2020-8908</cve>

38
        <cve>CVE-2023-2976</cve>

39
    </suppress>

40
    <!-- netty's http stuff is not applicable here -->

41
    <suppress>

42
        <packageUrl regex="true">^pkg:maven/io\.netty/netty\-.*@.*$</packageUrl>

43
        <cve>CVE-2021-21290</cve>

44
        <cve>CVE-2021-21295</cve>

45
        <cve>CVE-2021-21409</cve>

46
        <cve>CVE-2022-24823</cve>

47
        <cve>CVE-2025-24970</cve>

48
        <cve>CVE-2025-25193</cve>

49
        <cve>CVE-2024-29025</cve>

50
        <cve>CVE-2023-34462</cve>

51
        <cve>CVE-2021-37136</cve>

52
        <cve>CVE-2021-37137</cve>

53
        <cve>CVE-2022-41881</cve>

54
        <cve>CVE-2021-43797</cve>

55
        <cve>CVE-2023-44487</cve>

56
        <cve>CVE-2024-47535</cve>

57
        <cve>CVE-2025-55163</cve>

58
        <cve>CVE-2025-58056</cve>

59
        <cve>CVE-2025-58057</cve>

60
    </suppress>

61


62
    <!-- https://issues.apache.org/jira/browse/CASSANDRA-19142 -->

63
    <!-- https://issues.apache.org/jira/browse/CASSANDRA-20412 -->

64
    <suppress>

65
        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>

66
        <cve>CVE-2023-6378</cve>

67
        <cve>CVE-2024-12798</cve>

68
        <cve>CVE-2024-12801</cve>

69
    </suppress>

70
    <suppress>

71
        <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>

72
        <cve>CVE-2023-6378</cve>

73
        <cve>CVE-2024-12798</cve>

74
        <cve>CVE-2024-12801</cve>

75
    </suppress>

76
</suppressions>

77


78