Diffstat (limited to 'android/config')
-rw-r--r--android/config/dependency-check-suppression.xml9
1 files changed, 9 insertions, 0 deletions
diff --git a/android/config/dependency-check-suppression.xml b/android/config/dependency-check-suppression.xml
index 067a8c8d67..c7ec54a5e8 100644
--- a/android/config/dependency-check-suppression.xml
+++ b/android/config/dependency-check-suppression.xml
@@ -51,4 +51,13 @@
<packageUrl regex="true">^pkg:maven/com\.squareup\.okio/okio@.*$</packageUrl>
<cve>CVE-2023-3635</cve>
</suppress>
+ <suppress until="2024-06-01Z">
+ <notes><![CDATA[
+ This CVE only affect programs using loadXML and is derived from using ksp.
+ We do not use the loadXML, ksp is used to generate navigation paths in our code
+ and not for processesing any user input.
+ ]]></notes>
+ <packageUrl regex="true">^pkg:maven/com\.google\.devtools\.ksp/symbol\-processing.*@.*$</packageUrl>
+ <cve>CVE-2018-1000840</cve>
+ </suppress>
</suppressions>
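Review bot: The `<notes>` in the new `<suppress>` entry justify the suppression by reachability ("We do not use the loadXML") but never say whether CVE-2018-1000840 applies to KSP at all. As far as I can tell that CVE is an XXE in the Processing Foundation's `loadXML()`, so the hit on `symbol-processing` looks like a name-match false positive rather than a real finding; this should be confirmed against the scanner report. If so, state it in the notes, for example `False positive: CVE-2018-1000840 is for Processing's loadXML(), matched here on the artifact name "symbol-processing"; KSP only generates navigation paths at build time.` Keeping `until="2024-06-01Z"` is sensible because it forces the match to be re-checked. The `packageUrl` regex covers every `symbol-processing*` artifact and version, which is acceptable only because the entry is pinned to this single `<cve>`.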