From 3250a75cd1dc77602f741a175ba27de136ef6333 Mon Sep 17 00:00:00 2001 
From: Saurabh Parkhi
Date: Tue, 7 Jun 2022 12:58:42 +0100
Subject: [PATCH] Introduced suppressions for the vulnerabilities related to spring to get the build succeeding again. (#781)
---
 dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 .../dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 .../dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 4 ++
 droid-core/dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 droid-help/dependency-check/suppressions.xml | 4 ++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 droid-parent/pom.xml | 4 +-
 .../dependency-check/suppressions.xml | 52 ++++++++++++++++++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 .../dependency-check/suppressions.xml | 53 +++++++++++++++++++
 droid-tools/dependency-check/suppressions.xml | 4 ++
 pom.xml | 1 +
 18 files changed, 459 insertions(+), 1 deletion(-)
 create mode 100644 dependency-check/suppressions.xml
 create mode 100644 droid-binary/dependency-check/suppressions.xml
 create mode 100644 droid-build-tools/dependency-check/suppressions.xml
 create mode 100644 droid-command-line/dependency-check/suppressions.xml
 create mode 100644 droid-container/dependency-check/suppressions.xml
 create mode 100644 droid-core-interfaces/dependency-check/suppressions.xml
 create mode 100644 droid-core/dependency-check/suppressions.xml
 create mode 100644 droid-export-interfaces/dependency-check/suppressions.xml
 create mode 100644 droid-export/dependency-check/suppressions.xml
 create mode 100644 droid-help/dependency-check/suppressions.xml
 create mode 100644 droid-parent/dependency-check/suppressions.xml
 create mode 100644 droid-report-interfaces/dependency-check/suppressions.xml
 create mode 100644 droid-report/dependency-check/suppressions.xml
 create mode 100644 droid-results/dependency-check/suppressions.xml
 create mode 100644 droid-swing-ui/dependency-check/suppressions.xml
 create mode 100644 droid-tools/dependency-check/suppressions.xml
diff --git a/dependency-check/suppressions.xml b/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-binary/dependency-check/suppressions.xml b/droid-binary/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-binary/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-build-tools/dependency-check/suppressions.xml b/droid-build-tools/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-build-tools/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-command-line/dependency-check/suppressions.xml b/droid-command-line/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-command-line/dependency-check/suppressions.xml
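Review bot: Every pattern in the droid-binary suppressions hunk ends in `@.*$`, so CVE-2016-1000027 stays suppressed for any future version of the seven Spring modules, not only the 5.3.20 this commit moves to; the same entries repeat in the droid-command-line, droid-export, droid-parent, droid-report-interfaces, droid-report, droid-results and droid-swing-ui hunks. The XML markup is stripped on this page, so whether each entry carries a rationale or an expiry cannot be seen here. If it does not, I would state in the entry's notes why the finding is not applicable (the CVE is about Java deserialization of untrusted data, reported against Spring's HTTP invoker remoting, which should be confirmed as unused in DROID) and bound the entry, either by narrowing the pattern to `^pkg:maven/org\.springframework/spring\-core@5\.3\..*$` or by adding Dependency-Check's `until` attribute so the suppression is re-evaluated.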
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-container/dependency-check/suppressions.xml b/droid-container/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-container/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-core-interfaces/dependency-check/suppressions.xml b/droid-core-interfaces/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-core-interfaces/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-core/dependency-check/suppressions.xml b/droid-core/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-core/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-export-interfaces/dependency-check/suppressions.xml b/droid-export-interfaces/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-export-interfaces/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-export/dependency-check/suppressions.xml b/droid-export/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-export/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-help/dependency-check/suppressions.xml b/droid-help/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-help/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/droid-parent/dependency-check/suppressions.xml b/droid-parent/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-parent/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-parent/pom.xml b/droid-parent/pom.xml
index 59b7126bb..ad20168d2 100644
--- a/droid-parent/pom.xml
+++ b/droid-parent/pom.xml
@@ -89,7 +89,7 @@ pronom@nationalarchives.gov.uk - 5.3.19 + 5.3.20 5.4.1.Final 10.13.1.1 3.5.2
@@ -295,6 +295,7 @@ 7.1.0 8 + ${project.basedir}/dependency-check/suppressions.xml
@@ -350,6 +351,7 @@ *.db *.GIF *.PNG + **/suppressions.xml
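Review bot: The value added in the `@@ -295,6 +295,7 @@` hunk of droid-parent/pom.xml, `${project.basedir}/dependency-check/suppressions.xml`, resolves inside each module, which is why this commit has to add sixteen suppressions.xml files, eight of them carrying the same Spring entries. The copies have already begun to drift: droid-report-interfaces is 52 lines (blob 51734c0cf) while the other seven are 53 lines (blob 65b9e0e1c). Pointing every module at one shared file, for example `${maven.multiModuleProjectDirectory}/dependency-check/suppressions.xml` if the build's Maven version supports that property, would keep the set of suppressed findings reviewable in one place. The element that receives this value is not visible on this page, and the enclosing plugin configuration extends beyond the hunk.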
diff --git a/droid-report-interfaces/dependency-check/suppressions.xml b/droid-report-interfaces/dependency-check/suppressions.xml
new file mode 100644
index 000000000..51734c0cf
--- /dev/null
+++ b/droid-report-interfaces/dependency-check/suppressions.xml
@@ -0,0 +1,52 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
diff --git a/droid-report/dependency-check/suppressions.xml b/droid-report/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-report/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-results/dependency-check/suppressions.xml b/droid-results/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-results/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-swing-ui/dependency-check/suppressions.xml b/droid-swing-ui/dependency-check/suppressions.xml
new file mode 100644
index 000000000..65b9e0e1c
--- /dev/null
+++ b/droid-swing-ui/dependency-check/suppressions.xml
@@ -0,0 +1,53 @@
+
+
+
+
+ ^pkg:maven/org\.springframework/spring\-core@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-tx@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-aop@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-jdbc@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-beans@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-context@.*$
+ CVE-2016-1000027
+
+
+
+ ^pkg:maven/org\.springframework/spring\-expression@.*$
+ CVE-2016-1000027
+
+
+
diff --git a/droid-tools/dependency-check/suppressions.xml b/droid-tools/dependency-check/suppressions.xml
new file mode 100644
index 000000000..47b1e5bd0
--- /dev/null
+++ b/droid-tools/dependency-check/suppressions.xml
@@ -0,0 +1,4 @@
+
+
+
+
diff --git a/pom.xml b/pom.xml
index 2949e822d..5d9c7fefb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,6 +54,7 @@ appveyor.yml .gitattributes .github/** + **/suppressions.xml