Skip to content

Commit

Permalink
Merge pull request #148 from companieshouse/IDVA6-1589-fix-security-f…
Browse files Browse the repository at this point in the history 
…ailures

IDVA6-1589: Fix security issues
  • Loading branch information
@krishna-patel-ch
krishna-patel-ch authored Sep 20, 2024
2 parents 782f23f + f3d3dfc commit 03f58cb
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 32 deletions.
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
<description>User and Company association.</description>
<properties>
<java.version>21</java.version>
<spring-boot.version>3.3.2</spring-boot.version>
<spring-boot.version>3.3.3</spring-boot.version>
<maven.compiler.release>${java.version}</maven.compiler.release>
<maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
<maven-surefire-plugin.version>3.2.2</maven-surefire-plugin.version>
Expand Down
34 changes: 3 additions & 31 deletions suppress.xml
View file
Original file line number Diff line number Diff line change
@@ -1,48 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
<suppress until="2024-09-01Z">
<notes><![CDATA[
file name: jackson-databind-2.15.3.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
<cve>CVE-2023-35116</cve>
</suppress>
<suppress until="2024-09-01Z">
<notes><![CDATA[
file name: logback-core-1.14.11.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-core@.*$</packageUrl>
<cve>CVE-2023-6378</cve>
</suppress>
<suppress until="2024-09-01Z">
<notes><![CDATA[
file name: logback-classic-1.14.11.jar
]]></notes>
<packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
<cve>CVE-2023-6378</cve>
</suppress>
<suppress until="2024-09-01Z">
<suppress until="2025-06-01Z">
<notes><![CDATA[
file name: kafka-clients-3.1.0.jar
]]></notes>
<cve>CVE-2022-34917</cve>
<cve>CVE-2023-25194</cve>
</suppress>
<suppress until="2024-09-01Z">
<notes><![CDATA[
file name: commons-compress-1.24.0.jar
]]></notes>
<cve>CVE-2024-26308</cve>
<cve>CVE-2024-25710</cve>
</suppress>
<suppress until="2024-09-01Z">
<suppress until="2025-06-01Z">
<notes><![CDATA[
file name: http2-common-11.0.16.jar
]]></notes>
<cve>CVE-2023-44487</cve>
<cve>CVE-2024-22201</cve>
</suppress>
<suppress until="2024-09-01Z">
<suppress until="2025-06-01Z">
<notes><![CDATA[
file name: snappy-java-1.1.8.4.jar
]]></notes>
Expand Down

0 comments on commit 03f58cb

Please sign in to comment.