THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
OWASP Dependency Check is a tool for checking the Java librairies libraries you use have no security issues. Since it often reports false positives or issues not really needing attention, you need to maintain a suppression file.
First I must say, it's a very tedious work to use OWASP Dependency Check to identify and possibly fix dependencies vulnerabilities. Not only there are many false positives or issues not really needing our attention, but some issues are also hidding others. So you need to check issues one by one and put the possible suppress information in the suppression file and run again the check, etc. Unfortunately it's the best solution we have so far. Because it's not enough to blindly update librairires libraries we use by using the last version.
...
Here is the suppress file, I (Jacques Le Roux) created in early December 2015 while updating the vulnerable librairires libraries when possible. It's commented inside to help having a clearer vision of the situation (which fortunately is not bad 
)
...
The idea is that you can use it as a basis on your project and (if possible) help to maintain keep it up to date. This can be done by sharing your experience here in as a comment or contributing if you are already , or by updating this page as a Confluence contributor (as explained in the top banner you can ask on the OFBiz user ML else).
Here is the command line I use on Windows to start the check (I used the OWASP Dependency Check command line option on Windows):
>dependency-check -project OFBiz -scan C:\projectASF-Mars\ofbiz --suppression C:\tools\dependency-check\suppress.xml
...