suppress multiple CVEs for jfreechart (#807)

labkey-willm · web-flow · commit ff328ad8de91 · 2024-04-20T17:25:00.000-07:00
* suppress CVE-2024-22949 for jfreechart * also suppress CVE-2023-52070 and CVE-2024-23076 for jfreechart
diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
@@ -325,5 +325,38 @@
         <vulnerabilityName>CVE-2024-23080</vulnerabilityName>
     </suppress>
 
+    <!--
+    suppress CVE-2024-22949 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-22949</vulnerabilityName>
+    </suppress>
+
+    <!--
+    suppress CVE-2023-52070 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2023-52070</vulnerabilityName>
+    </suppress>
+
+    <!--
+    suppress CVE-2024-23076 for jfreechart, may become moot after subsequent upgrades
+    -->
+    <suppress>
+        <notes><![CDATA[
+   file name: jfreechart-1.0.19.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.jfree/jfreechart@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-23076</vulnerabilityName>
+    </suppress>
+
 </suppressions>
 
