markt-asf commented on issue #23:
URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897403716


   No plans to update.
   Automated scanning tools (including those that look at dependencies without 
considering the context in which they are used) generate a large number of false 
positive vulnerability reports. The default position of the ASF is to reject 
all such reports unless accompanied by an explanation, PoC or similar that 
demonstrates a genuinely exploitable issue.
   We usually (but not always) look at dependencies and update them as part of 
release preparation.
   There are currently no plans for the next release.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


