<?xml version="1.0" encoding="UTF-8" ?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <!--  Example of a suppressed library -->
    <!-- The suppress node can be generated from the HTML report by using the 'suppress' option for each vulnerability found
    <suppress>
      <notes><![CDATA[
      file name: some.jar
      ]]></notes>
      <sha1>66734244CE86857018B023A8C56AE0635C56B6A1</sha1>
      <cpe>cpe:/a:apache:struts:2.0.0</cpe>
   </suppress>
    -->
    <suppress>
        <!-- Vulnerability when using SSLv2 Hello messages. Corda uses TLS1.2-->
        <notes><![CDATA[file name: catalyst-netty-1.1.2.jar]]></notes>
        <gav regex="true">^io\.atomix\.catalyst:catalyst-netty:.*$</gav>
        <cve>CVE-2014-3488</cve>
    </suppress>
    <suppress>
        <!-- Vulnerability to LDAP poisoning attacks. Corda doesn't use LDAP-->
        <notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
        <gav regex="true">^commons-cli:commons-cli:.*$</gav>
        <cve>CVE-2016-6497</cve>
    </suppress>
    <suppress>
        <!-- Java objects serialization disabled in Corda -->
        <notes><![CDATA[file name: groovy-all-1.8.9.jar]]></notes>
        <gav regex="true">^commons-cli:commons-cli:.*$</gav>
        <cve>CVE-2015-3253</cve>
    </suppress>
</suppressions>