From f83ec36e42431497da775d346e8629fd8fe14271 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Willi=20Sch=C3=B6nborn?= <w.schoenborn@gmail.com>
Date: Fri, 5 Jul 2019 17:45:57 +0200
Subject: [PATCH] Properly suppressed Spring Security vulnerability

---
 cve-suppressions.xml | 6 +++++-
 pom.xml              | 1 -
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/cve-suppressions.xml b/cve-suppressions.xml
index 0d5aa1582..6d47ab402 100644
--- a/cve-suppressions.xml
+++ b/cve-suppressions.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
     <suppress>
         <cve>CVE-2018-1258</cve>
         <cve>CVE-2019-12814</cve>
@@ -7,4 +7,8 @@
     <suppress>
         <cve>CVE-2019-12814</cve>
     </suppress>
+    <suppress>
+      <packageUrl regex="true">^pkg:maven/org\.springframework\.security/spring-security-core@4\..*\.RELEASE$</packageUrl>
+      <vulnerabilityName>BREACH attack possible in CSRF tokens</vulnerabilityName>
+    </suppress>
 </suppressions>
diff --git a/pom.xml b/pom.xml
index 222371ac6..43ce1d9b3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -560,7 +560,6 @@
                     <configuration>
                         <failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
                         <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
-                        <ossindexAnalyzerEnabled>false</ossindexAnalyzerEnabled>
                         <suppressionFiles>
                             <suppressionFile>cve-suppressions.xml</suppressionFile>
                         </suppressionFiles>