vaadin · ZheSun88 · May 22, 2026 · May 22, 2026 · May 22, 2026
diff --git a/scripts/generateAndCheckSBOM.js b/scripts/generateAndCheckSBOM.js
@@ -100,7 +100,15 @@ const cveWhiteList = {
   'pkg:maven/org.codehaus.plexus/plexus-utils@3.6.1' : {
     cves: ['CVE-2025-67030'],
     description: 'FP: version 3.6.1 includes the fix per GHSA-6fmv-xxpf-w3cw (patched in 3.6.1+).'
-  }
+  },
+  'pkg:maven/com.vaadin/vaadin-swing-kit-flow@3.0.1' : {
+    cves: ['CVE-2021-33604'],
+    description: 'false report: this CVE is targeting Vaadin version prior 20, swing-kit-flow is using vaadin 24+ version, the related issue has been fixed.'
+  },
+  'pkg:maven/com.networknt/json-schema-validator@1.5.9' : {
+    cves: ['CVE-2025-15104'],
+    description: 'FP: The CVE belongs to Nu Html Checker which produce a false positive on Networknt JSON Schema Validator due to the overlapping keyword or an overly broad CPE mapping rule.'
+  },
 }
 
 const STYLE = `<style>

diff --git a/versions.json b/versions.json
@@ -365,8 +365,8 @@
             "javaVersion": "3.0.1"
         },
         "observability-kit-starter": {
-            "javaVersion": "4.0.0",
-            "jsVersion": "4.0.0"
+            "javaVersion": "4.0.1",
+            "jsVersion": "4.0.1"
         },
         "sso-kit-starter": {
             "javaVersion": "4.0.2",
@@ -512,7 +512,7 @@
             "pro": true
         },
         "vaadin-testbench": {
-            "javaVersion": "10.0.5",
+            "javaVersion": "10.0.6",
             "pro": true
         }
     }