supressions_cve.xml

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <suppress>
        <notes><![CDATA[
    because of https://bitbucket.org/asomov/snakeyaml/issues/462/memory-leak
   ]]></notes>
        <cve>CVE-2017-18640</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   async client is upgraded to
   group: 'org.asynchttpclient', name: 'async-http-client', version: '2.10.5'
   don't know, why plugin still finds vulnerability
   ]]></notes>
        <cve>CVE-2017-14063</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   log4j is forced by ES
   ]]></notes>
        <cve>CVE-2020-9488</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   according to https://github.com/FasterXML/jackson-databind/issues/2589#issuecomment-714833837
   should be already fixed
   ]]></notes>
        <cve>CVE-2020-25649</cve>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: circe-refined_2.12-0.13.0.jar - coincidence of names
   ]]></notes>
        <sha1>e48e7de23bba2007ceb0d6bce80e55139d98d9c2</sha1>
        <cpe>cpe:/a:refined-github_project:refined-github</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: refined_2.12-0.9.12.jar - coincidence of names
   ]]></notes>
        <sha1>6ff2aa22c46cb271116c136e51bc624a3dcdddcb</sha1>
        <cpe>cpe:/a:refined-github_project:refined-github</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: log4j-api-2.11.2.jar - no log4j-core (it's excluded, and the core is provided by ES)
   ]]></notes>
        <sha1>f5e9a2ffca496057d6891a3de65128efc636e26e</sha1>
        <cpe>cpe:/a:apache:log4j</cpe>
    </suppress>
    <suppress>
        <notes><![CDATA[
   file name: log4j-slf4j-impl-2.11.2.jar - no log4j-core (it's excluded, and the core is provided by ES)
   ]]></notes>
        <sha1>4d44e4edc4a7fb39f09b95b09f560a15976fa1ba</sha1>
        <cpe>cpe:/a:apache:log4j</cpe>
    </suppress>
</suppressions>