| <?xml version="1.0" encoding="UTF-8"?> |
| <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"> |
| |
| <!-- Schwachstelle wird bei Keycloak im Code nicht benutzt --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: bcprov-jdk15on-1.65.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.bouncycastle/bcprov\-jdk15on@.*$</packageUrl> |
| <cve>CVE-2020-28052</cve> |
| </suppress> |
| |
| <!-- Gatekeeper wird bei uns nicht benutzt --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-14359</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-common-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl> |
| <cve>CVE-2020-14359</cve> |
| </suppress> |
| |
| <!-- Wir benutzen keinen “external identity provider“ --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-14302</cve> |
| </suppress> |
| |
| <!-- CVEs don't have the correct fix versions, fixed in 12.0.2 [1]. --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-10770</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-14302</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-1725</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-core-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-core@.*$</packageUrl> |
| <cve>CVE-2020-27838</cve> |
| </suppress> |
| |
| <!-- CVEs don't have the correct fix versions, fixed in 12.0.2 [1]. --> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-common-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl> |
| <cve>CVE-2020-10770</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-common-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl> |
| <cve>CVE-2020-14302</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-common-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl> |
| <cve>CVE-2020-1725</cve> |
| </suppress> |
| <suppress> |
| <notes><![CDATA[ |
| file name: keycloak-common-12.0.4.jar |
| ]]></notes> |
| <packageUrl regex="true">^pkg:maven/org\.keycloak/keycloak\-common@.*$</packageUrl> |
| <cve>CVE-2020-27838</cve> |
| </suppress> |
| |
| </suppressions> |