From 86907896a31b07933f101ff9fe87c582cba1bc37 Mon Sep 17 00:00:00 2001
From: Jesper Zedlitz <jesper@zedlitz.de>
Date: Thu, 27 Feb 2025 08:11:39 +0100
Subject: [PATCH] added information regarding CVE-2024-4109 [skip ci]

---
 owasp-suppressions.xml | 7 +++++++
 pom.xml                | 3 +++
 2 files changed, 10 insertions(+)
 create mode 100644 owasp-suppressions.xml

diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
new file mode 100644
index 0000000..1fd2d48
--- /dev/null
+++ b/owasp-suppressions.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.2.xsd">
+  <suppress>
+    <notes>It seems that only versions before 2.2.35 are effected. Additionally, csw2dcat does not make use of values in HTTP headers.</notes>
+    <cve>CVE-2024-4109</cve>
+  </suppress>
+</suppressions>
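Review bot: The `<suppress>` entry in the new file matches on `<cve>` alone, so CVE-2024-4109 is hidden for every dependency in the build and stays hidden indefinitely, even if the affected library later resolves to a version where the finding is real. Scope it to the one artifact and give it an expiry so the decision gets re-checked: open the entry with `<suppress until="YYYY-MM-DDZ">` (placeholder date) and add `<packageUrl regex="true">^pkg:maven/GROUP_ID/ARTIFACT_ID@.*$</packageUrl>` (placeholder coordinates) between `<notes>` and `<cve>`. The `<notes>` text hedges with "It seems that"; recording the dependency version actually resolved in this build and a reference to the advisory that states the fixed version would make the justification auditable. "effected" in the same line should read "affected".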
diff --git a/pom.xml b/pom.xml
index 07cf7a1..fbff4b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -179,6 +179,9 @@
                 <artifactId>dependency-check-maven</artifactId>
                 <version>12.1.0</version>
                 <configuration>
+                    <suppressionFiles>
+                        <suppressionFile>owasp-suppressions.xml</suppressionFile>
+                    </suppressionFiles>
                     <failBuildOnCVSS>8</failBuildOnCVSS>
                     <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
                     <failOnError>true</failOnError>
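Review bot: The path in `<suppressionFile>owasp-suppressions.xml</suppressionFile>` is relative and appears to be resolved against the directory Maven is started from rather than the project directory, so a run using `-f` from another location, or from a child module, may not find the file. Anchoring it as `<suppressionFile>${project.basedir}/owasp-suppressions.xml</suppressionFile>` makes the lookup independent of the working directory. The surrounding `<configuration>` element starts and ends outside this hunk, so it is not visible here whether this plugin declaration is inherited by submodules, where `${project.basedir}` would point at the child directory.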
-- 
GitLab