Lonzak commented on issue #5718: URL: https://github.com/apache/jmeter/issues/5718#issuecomment-1285890535
> The CVE (https://nvd.nist.gov/vuln/detail/CVE-2022-42889) > doesn't concern us, as we are not using the affected class StringSubstitutor > in our code. > > But it is always a good idea, to keep our dependencies up to date. Thank you nevertheless for updating - since all scanners alert anyway when finding a vulnerable library (even though the effected class is not directly used). By not using an up-to-date lib it is now much easier to argue with the decision makers / security guys... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jmeter.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
