hpvd opened a new issue, #17068: URL: https://github.com/apache/pulsar/issues/17068
### Search before asking - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) and found nothing similar. ### Motivation Since https://github.com/apache/pulsar/pull/10855 we are doing dependency scan for Vulnerabilities on regular basis. That really great. Over time more and more vulnerabilities are suppressed. This may - not be necessary anymore if it's about suppressing false positive (since number of false positive are reduced with every new version of check tool) - may hide some open vulnerabilities even if there is a solution available now org.apache.pulsar:pulsar-server-distribution:2.11.0-SNAPSHOT: Vulnerabilities Suppressed: 23 org.apache.pulsar:pulsar-offloader-distribution:2.11.0-SNAPSHOT: Vulnerabilities Suppressed: 4 ### Solution before every release: check for each suppressed vulnerability if it's still reasonable/necessary before: update check tool to latest version (which typical solves some false positive) >7.11, the check uses see 7.10 https://github.com/jeremylong/DependencyCheck/releases ### Alternatives _No response_ ### Anything else? _No response_ ### Are you willing to submit a PR? - [ ] I'm willing to submit a PR! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
