cxf-dev mailing list archives

From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: New security advisories for Apache CXF
Date Wed, 19 Apr 2017 08:40:50 GMT
Could you file an issue with the OWASP plugin instead to remove this CVE
from their list (if this is possible - I'm not sure how they are pulling
down advisories)?

Colm.

On Wed, Apr 19, 2017 at 7:41 AM, Dennis Kieselhorst <deki@apache.org> wrote:

> > It's not a bug - that advisory was just raised against a sample that CXF
> > ships with.
>
> I know, unfortunately the dependency check reports it as soon as any CXF
> dependency is present (try mvn org.owasp:dependency-check-maven:check to
> reproduce). If failBuildOnCVSS is set, the build will fail unless you
> define a suppression for it.
>
> That's why I thought a comment might be useful for users that hit this CVE.
>
> Regards
> Dennis
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
