Suppress PDFBox CVE (#1308)

https://nvd.nist.gov/vuln/detail/CVE-2026-23907

Author: labkey-tchad

dependencyCheckSuppression.xml

@@ -194,4 +194,37 @@
        <packageUrl regex="true">^pkg:maven/org\.mozilla/rhino@.*$</packageUrl>
        <vulnerabilityName>CVE-2025-66453</vulnerabilityName>
     </suppress>
+
+    <!--
+    Some PDFBox example code (ExtractEmbeddedFiles) contains a path traversal vulnerability. The example code isn't
+    packaged in any jars and we already have checks in place to prevent path traversal vulnerabilities.
+    -->
+    <suppress>
+        <notes><![CDATA[
+       file name: pdfbox-3.0.4.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.pdfbox/pdfbox@.*$</packageUrl>
+        <cve>CVE-2026-23907</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+       file name: pdfbox-debugger-3.0.4.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.pdfbox/pdfbox-debugger@.*$</packageUrl>
+        <cve>CVE-2026-23907</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+       file name: pdfbox-io-3.0.4.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.pdfbox/pdfbox-io@.*$</packageUrl>
+        <cve>CVE-2026-23907</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+       file name: pdfbox-tools-3.0.4.jar
+       ]]></notes>
+        <packageUrl regex="true">^pkg:maven/org\.apache\.pdfbox/pdfbox-tools@.*$</packageUrl>
+        <cve>CVE-2026-23907</cve>
+    </suppress>
 </suppressions>