From 4d8d38d1ef2adbdb2a3802306e7d3189491cb550 Mon Sep 17 00:00:00 2001
From: labkey-tchad <tchad@labkey.com>
Date: Mon, 18 Nov 2024 13:23:43 -0800
Subject: [PATCH] Ignore CVE false-positive for spring-web 6.1.14

Only 5.3.0 - 5.3.41 are affected:
https://spring.io/security/cve-2024-38828
---
 dependencyCheckSuppression.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/dependencyCheckSuppression.xml b/dependencyCheckSuppression.xml
index 67b14dd54a..e38b2c81d9 100644
--- a/dependencyCheckSuppression.xml
+++ b/dependencyCheckSuppression.xml
@@ -369,5 +369,14 @@
     </suppress>
     <!-- end of glassfish false positive suppressions -->
 
+    <!-- False positive. Only 5.3.0 - 5.3.41 are affected:
+     https://spring.io/security/cve-2024-38828 -->
+    <suppress>
+        <notes><![CDATA[
+   file name: spring-web-6.1.14.jar
+   ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.springframework/spring-web@.*$</packageUrl>
+        <vulnerabilityName>CVE-2024-38828</vulnerabilityName>
+    </suppress>
 </suppressions>