owasp-suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">

    <!--
        Temporary suppressions, check and update these periodically
    -->
    <!-- From spring-cloud-starter-aws-secrets-manager-config-->
    <suppress until="2025-06-01">
        <notes><![CDATA[file name: ion-java-1.0.2.jar]]></notes>
        <packageUrl regex="true">^pkg:maven/software\.amazon\.ion/ion\-java@.*$</packageUrl>
        <!-- waiting for update (last updated Feb 02, 2023) -->
        <!-- we're not using ion-java -->
        <cve>CVE-2024-21634</cve>
    </suppress>

    <!-- Waiting for update to aws-secretsmanager-jdbc 2.0.2 -->
    <suppress until="2025-03-15">
        <notes><![CDATA[
   file name: netty-common-4.1.116.Final.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.netty/netty-common@.*$</packageUrl>
        <vulnerabilityName>CVE-2025-25193</vulnerabilityName>
    </suppress>
    <suppress until="2025-03-15">
        <notes><![CDATA[
   file name: netty-handler-4.1.116.Final.jar
   ]]></notes>
        <packageUrl regex="true">^pkg:maven/io\.netty/netty-handler@.*$</packageUrl>
        <vulnerabilityName>CVE-2025-24970</vulnerabilityName>
    </suppress>




    <!--
        Permanent suppressions
    -->


</suppressions>