suppress false positive in dependecy-check (jackrabbit-webdav)

suppression.xml

@@ -63,4 +63,11 @@
 		<cve>CVE-2023-35116</cve>
 	</suppress>
 
+	<suppress>
+		<notes><![CDATA[
+		False positive for jackrabbit-webdav-2.21.15.jar. This component is not affected, see https://lists.apache.org/thread/j03b3qdhborc2jrhdc4d765d3jkh8bfw
+   ]]></notes>
+		<packageUrl regex="true">^pkg:maven/org\.apache\.jackrabbit/jackrabbit\-webdav@.*$</packageUrl>
+		<cve>CVE-2023-37895</cve>
+	</suppress>
 </suppressions>