gh-151 Suppress invalid CVE report for Jackson Databind

coherence-community · Jun 26, 2023 · 1f46150 · 1f46150
1 parent 67e80ea
commit 1f46150
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -117,7 +117,7 @@
 		<flatten-maven-plugin.version>1.2.7</flatten-maven-plugin.version>
 		<github.site-maven-plugin.version>0.12</github.site-maven-plugin.version>
 		<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-		<dependency-check-maven.version>8.2.1</dependency-check-maven.version>
+		<dependency-check-maven.version>8.3.1</dependency-check-maven.version>
 		<maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
 		<maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
 		<maven-deploy-plugin.version>2.8.2</maven-deploy-plugin.version>

diff --git a/src/main/config/dependency-check-suppression.xml b/src/main/config/dependency-check-suppression.xml
@@ -7,7 +7,6 @@
 -->
 
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-
     <suppress>
         <notes><![CDATA[
        file name: snakeyaml-1.33.jar
@@ -17,4 +16,10 @@
        ]]></notes>
         <cve>CVE-2022-1471</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[ jackson-databind-2.15.2.jar
+        Invalid - see: https://github.com/FasterXML/jackson-databind/issues/3997
+       ]]></notes>
+        <cve>CVE-2023-35116</cve>
+    </suppress>
 </suppressions>