cve-suppressions.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
    <suppress>
        <gav>org.slf4j:slf4j-api:1.7.25</gav>
        <cve>CVE-2018-8088</cve>
    </suppress>

    <suppress>
        <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-.+@.*$</packageUrl>
        <vulnerabilityName>CVE-2015-3192</vulnerabilityName>
        <vulnerabilityName>CVE-2015-5211</vulnerabilityName>
        <cve>CVE-2016-5007</cve>
        <cve>CVE-2018-1270</cve>
        <cve>CVE-2018-1271</cve>
        <cve>CVE-2018-1272</cve>
    </suppress>

    <suppress>
	<cve>CVE-2016-1000027</cve>
        <cve>CVE-2019-12814</cve>
        <cve>CVE-2020-5421</cve>
        <cve>CVE-2020-7712</cve>
        <cve>CVE-2020-9488</cve>
        <cve>CVE-2020-10663</cve>
	<cve>CVE-2022-22965</cve>
    </suppress>

    <!-- https://github.com/jeremylong/DependencyCheck/issues/1921 -->
    <suppress>
        <gav regex="true">org\.springframework\.boot:.+:2\.1\.5\.RELEASE</gav>
        <cve>CVE-2011-2730</cve>
        <cve>CVE-2013-4152</cve>
        <cve>CVE-2013-6429</cve>
        <cve>CVE-2013-7315</cve>
        <cve>CVE-2014-0054</cve>
    </suppress>

    <!-- https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot -->
    <suppress>
        <cve>CVE-2021-44228</cve>
        <cve>CVE-2021-45105</cve>
        <cve>CVE-2021-45046</cve>
	<cve>CVE-2021-44832</cve>
    </suppress>
</suppressions>