From 112830be87548949295d71d34a66c1f8659af2f2 Mon Sep 17 00:00:00 2001
From: RIHTARSIC Joze <joze.rihtarsic@ext.ec.europa.eu>
Date: Fri, 12 Apr 2024 09:27:57 +0200
Subject: [PATCH] EDELIVERY-13128-upgrade-libraries-and-plugins

---
 owasp-false-positive-warnings.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/owasp-false-positive-warnings.xml b/owasp-false-positive-warnings.xml
index f7ab0125d..ceb87c56d 100644
--- a/owasp-false-positive-warnings.xml
+++ b/owasp-false-positive-warnings.xml
@@ -81,4 +81,15 @@
         <packageUrl regex="true">^pkg:maven/org\.apache\.tomcat\.embed/tomcat\-embed\-websocket@.*$</packageUrl>
         <cve>CVE-2023-41080</cve>
     </suppress>
+    <suppress>
+        <notes><![CDATA[
+            File name: joda-time-2.x
+            This is transitive library of the 2WaySec, WSS4J 2.4.x: Check if this is needed when using WSS4J is upgrades
+            and is not directly used by the 2waySSL library.
+            NOTE: Currently the latest version 2.12.7 still report the same issue.
+            This is disputed by multiple third parties who believe  there was not reasonable evidence to determine the existence of a vulnerability.
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/joda\-time/joda\-time@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-23080</vulnerabilityName>
+    </suppress>
 </suppressions>
-- 
GitLab