Transitive vulnerable dependency in version 3.0.0 #325
-
Discussions is the wrong area. Please send us a pull request.
-
Hi
We migrated our project to library version 3.0.0 and it still contains a vulnerable transitive dependency, commons-collections:commons-collections:3.2.2 (resolved through commons-beanutils:commons-beanutils:1.9.4).
Can you exclude this vulnerable dependency from the next minor release?
More details: https://devhub.checkmarx.com/cve-details/Cx78f40514-81ff/