Any thoughts on this? On Sun, Aug 20, 2023 at 1:01 PM Debraj Manna <subharaj.ma...@gmail.com> wrote:
> Hi > > In our scan maven-bundle plugin 5.1.5 is getting flagged for > CVE-2021-26291 <https://nvd.nist.gov/vuln/detail/CVE-2021-26291> due to > the presence of maven-compat 3.3.9. I am seeing that the latest version of > maven-bundle plugin, 5.1.9 is also using maven-compat 3.3.9. Is there any > plan to update maven-compat to 3.8.2 at least to get around this CVE? > > Thanks >