corda/.ci/dependency-checker/suppressedLibraries.xml

<?xml version="1.0" encoding="UTF-8" ?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <!--  Example of a suppressed library -->
    <!-- The suppress node can be generated from the HTML report by using the 'suppress' option for each vulnerability found
    <suppress>
      <notes><![CDATA[
      file name: some.jar
      ]]></notes>
      <sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>
      <cpe>cpe:/a:apache:struts:2.0.0</cpe>
   </suppress>
    -->
    <suppress>
        <!-- Vulnerability when using SSLv2 Hello messages. Corda uses TLS1.2-->
        <notes><![CDATA[file name: catalyst-netty-1.1.2.jar]]></notes>
        <gav regex="true">^io\.atomix\.catalyst:catalyst-netty:.*$</gav>
        <cve>CVE-2014-3488</cve>
    </suppress>
    <suppress>
        <!-- Vulnerability to LDAP poisoning attacks. Corda doesn't use LDAP-->
        <notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
        <gav regex="true">^commons-cli:commons-cli:.*$</gav>
        <cve>CVE-2016-6497</cve>
    </suppress>
    <suppress>
        <!-- Java objects serialization disabled in Corda -->
        <notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
        <gav regex="true">^commons-cli:commons-cli:.*$</gav>
        <cve>CVE-2015-3253</cve>
    </suppress>
</suppressions>
CORDA-351: added dependency check plugin to gradle build script (#1911) * CORDA-351: added dependency check plugin to gradle build script * CORDA-351: Added suppression stub file with example * CORDA-351: added suppresionFile property 2017-10-20 16:58:15 +00:00			`<?xml version="1.0" encoding="UTF-8" ?>`
			`<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">`
			`<!-- Example of a suppressed library -->`
			`<!-- The suppress node can be generated from the HTML report by using the 'suppress' option for each vulnerability found`
			`<suppress>`
			`<notes><![CDATA[`
			`file name: some.jar`
			`]]></notes>`
			`<sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>`
			`<cpe>cpe:/a:apache:struts:2.0.0</cpe>`
			`</suppress>`
			`-->`
CORDA-351: force update dependencies and suppress vulnerabilities not… (#1944) * CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda * CORDA-351: force update dependencies and suppress vulnerabilities not affecting corda 2017-10-26 11:16:57 +00:00			`<suppress>`
			`<!-- Vulnerability when using SSLv2 Hello messages. Corda uses TLS1.2-->`
			`<notes><![CDATA[file name: catalyst-netty-1.1.2.jar]]></notes>`
			`<gav regex="true">^io\.atomix\.catalyst:catalyst-netty:.*$</gav>`
			`<cve>CVE-2014-3488</cve>`
			`</suppress>`
			`<suppress>`
			`<!-- Vulnerability to LDAP poisoning attacks. Corda doesn't use LDAP-->`
			`<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>`
			`<gav regex="true">^commons-cli:commons-cli:.*$</gav>`
			`<cve>CVE-2016-6497</cve>`
			`</suppress>`
			`<suppress>`
			`<!-- Java objects serialization disabled in Corda -->`
			`<notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>`
			`<gav regex="true">^commons-cli:commons-cli:.*$</gav>`
			`<cve>CVE-2015-3253</cve>`
			`</suppress>`
CORDA-351: added dependency check plugin to gradle build script (#1911) * CORDA-351: added dependency check plugin to gradle build script * CORDA-351: Added suppression stub file with example * CORDA-351: added suppresionFile property 2017-10-20 16:58:15 +00:00			`</suppressions>`