exclude CVE-2023-4586 from dependency analysis

paulchen · Oct 11, 2023 · a600b79 · a600b79
1 parent b2044f6
commit a600b79
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/cve-suppressions.xml b/cve-suppressions.xml
@@ -1,7 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
     <suppress>
-        <notes>not a security issue</notes>
+        <notes>not a security issue, cf. https://github.com/FasterXML/jackson-databind/issues/3972</notes>
         <cve>CVE-2023-35116</cve>
     </suppress>
+    <suppress>
+       <notes>only relevant if Netty is used as a client, cf. https://github.com/netty/netty/issues/9930</notes>
+        <cve>CVE-2023-4586</cve>
+    </suppress>
 </suppressions>