[ https://issues.apache.org/jira/browse/THRIFT-5293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17211592#comment-17211592 ]
suraj misra commented on THRIFT-5293: ------------------------------------- Thankyou Max for your information as well as your patience for giving the answer. I will keep all advices next time in my mind while submitting the bug. In my case, it was showing the exact same vulnerabilities for 2 libraries. 1- libfb303:0.9.3 2-libthirft0.9.3 I updated the version for libthirft to 0.13.0 but still Blackduck was showing the security vulnerabilities for libfb303:0.9.3. I will report to Blackduck about these vulnerabilities as false positives for libfb303:0.9.3. > Blackduck shows the security vulnerabilities in libfb303:0.9.3 > -------------------------------------------------------------- > > Key: THRIFT-5293 > URL: https://issues.apache.org/jira/browse/THRIFT-5293 > Project: Thrift > Issue Type: Bug > Components: Java - Library > Affects Versions: 0.9.3 > Reporter: suraj misra > Assignee: Max > Priority: Critical > Fix For: 0.13.0 > > Attachments: Security_vulnerabilities.JPG > > > Blackduck shows the security vulnerabilities in libfb303:0.9.3 > !Security_vulnerabilities.JPG! -- This message was sent by Atlassian Jira (v8.3.4#803005)