From 07c8318d5bda0292e7c0d27d20549b54bee89023 Mon Sep 17 00:00:00 2001 From: Saurabh Parkhi <parkhi@gmail.com> Date: Thu, 4 Jan 2024 11:23:28 +0000 Subject: [PATCH] Added a suppression for derby database, since we do not use LDAP, we are fine (#1038) --- droid-api/dependency-check/suppressions.xml | 49 ------------------ .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 49 ------------------ .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 50 ++----------------- .../dependency-check/suppressions.xml | 50 ++----------------- 9 files changed, 28 insertions(+), 420 deletions(-) diff --git a/droid-api/dependency-check/suppressions.xml b/droid-api/dependency-check/suppressions.xml index 65b9e0e1c..47b1e5bd0 100644 --- a/droid-api/dependency-check/suppressions.xml +++ b/droid-api/dependency-check/suppressions.xml @@ -1,53 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-core-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> </suppressions> diff --git a/droid-binary/dependency-check/suppressions.xml b/droid-binary/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-binary/dependency-check/suppressions.xml +++ b/droid-binary/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-command-line/dependency-check/suppressions.xml b/droid-command-line/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-command-line/dependency-check/suppressions.xml +++ b/droid-command-line/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-export/dependency-check/suppressions.xml b/droid-export/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-export/dependency-check/suppressions.xml +++ b/droid-export/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-parent/dependency-check/suppressions.xml b/droid-parent/dependency-check/suppressions.xml index 65b9e0e1c..47b1e5bd0 100644 --- a/droid-parent/dependency-check/suppressions.xml +++ b/droid-parent/dependency-check/suppressions.xml @@ -1,53 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-core-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> </suppressions> diff --git a/droid-report-interfaces/dependency-check/suppressions.xml b/droid-report-interfaces/dependency-check/suppressions.xml index 51734c0cf..67d14be5b 100644 --- a/droid-report-interfaces/dependency-check/suppressions.xml +++ b/droid-report-interfaces/dependency-check/suppressions.xml @@ -1,52 +1,10 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-report/dependency-check/suppressions.xml b/droid-report/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-report/dependency-check/suppressions.xml +++ b/droid-report/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-results/dependency-check/suppressions.xml b/droid-results/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-results/dependency-check/suppressions.xml +++ b/droid-results/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions> diff --git a/droid-swing-ui/dependency-check/suppressions.xml b/droid-swing-ui/dependency-check/suppressions.xml index 65b9e0e1c..4228988f8 100644 --- a/droid-swing-ui/dependency-check/suppressions.xml +++ b/droid-swing-ui/dependency-check/suppressions.xml @@ -1,53 +1,11 @@ <?xml version="1.0" encoding="UTF-8"?> <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> - <suppress until="2022-10-01Z"> + <suppress> <notes><![CDATA[ - file name: spring-core-5.3.20.jar + file name: derby-10.13.1.1.jar ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-core@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-tx-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-tx@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-aop-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-aop@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-jdbc-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-jdbc@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-beans-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-beans@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-context-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-context@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> - </suppress> - <suppress until="2022-10-01Z"> - <notes><![CDATA[ - file name: spring-expression-5.3.20.jar - ]]></notes> - <packageUrl regex="true">^pkg:maven/org\.springframework/spring\-expression@.*$</packageUrl> - <cve>CVE-2016-1000027</cve> + <packageUrl regex="true">^pkg:maven/org\.apache\.derby/derby@.*$</packageUrl> + <cve>CVE-2022-46337</cve> </suppress> </suppressions>