cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Kieselhorst"<d...@apache.org>
Subject Re: New security advisories for Apache CXF
Date Wed, 19 Apr 2017 06:41:33 GMT
> It's not a bug - that advisory was just raised against a sample that CXF
> ships with.

I know, unfortunately the dependency check reports it as soon as any CXF dependency is present
(try mvn org.owasp:dependency-check-maven:check to reproduce). If failBuildOnCVSS is set,
the build will fail unless you define a suppression for it.

That's why I thought a comment might be useful for users that hit this CVE.

Regards
Dennis



Mime
View raw message