suppress CVE which comes from myfaces, not tobago
authorUdo Schnurpfeil <lofwyr@apache.org>
Wed, 24 Jan 2018 12:21:48 +0000 (12:21 +0000)
committerUdo Schnurpfeil <lofwyr@apache.org>
Wed, 24 Jan 2018 12:21:48 +0000 (12:21 +0000)
other/checkstyle-rules/src/main/resources/tobago/dependency-check-suppression-for-tobago-2.0.xml

index a973e7d..5a5caf6 100644 (file)
@@ -28,4 +28,9 @@
     <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav>
     <cve>CVE-2016-5019</cve>
   </suppress>
+  <suppress>
+    <notes><![CDATA[ subject of CVE is MyFaces Core, but not Tobago ]]></notes>
+    <gav regex="true">^org\.apache\.myfaces\.tobago:.*:.*$</gav>
+    <cve>CVE-2011-4343</cve>
+  </suppress>
 </suppressions>