remove unnecessary suppressions (#393)

hmcts · Apr 16, 2024 · 5f79181 · 5f79181
1 parent 09e19ef
commit 5f79181
Showing 1 changed file with 0 additions and 20 deletions.
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
@@ -1,23 +1,3 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress until="2024-06-01">
-        <notes><![CDATA[
-            This vulnerability is about potential Remote Code Execution when serializing and deserializing Java classes
-            using HttpInvokerServiceExport and org.springframework.remoting.
-            As we don't use those constructs, we are not affected by it.
-            The suppression will be a long-term one. An expiry to the suppression is kept to allow re-evaluating whether
-            we're still unaffected by it.
-        ]]></notes>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress until="2024-06-01">
-        <notes>![CDATA[
-            False positive - https://github.com/jeremylong/DependencyCheck/issues/5502
-
-            We don't use the libraries affected by this vulnerability. This is a false positive in dependencycheck that is still current in version 8.2.1.
-            Try to remove it when a dependencycheck upgrade becomes available.
-            If it still happens, check that we don't use hutool-json and json-java. If we don't, extend the suppression date by another year.
-            ]]</notes>
-        <cve>CVE-2022-45688</cve>
-    </suppress>
 </suppressions>