On Wednesday, July 20, 2022 at 1:29:26 PM UTC+2 [email protected] wrote:
> Hi, please could you advise on the vulnerability report by maven central > for the dependency `org.jacoco:org.jacoco.ant:0.8.8` and whether or not the > jar is safe to use? > Hi, It is not clear to which report you're referring - for example page https://ossindex.sonatype.org/component/pkg:maven/org.jacoco/[email protected] states that This version of org.jacoco.ant has no known vulnerabilities! 🎉 So could you please give us exact link to this report? > I did try searching the forum, FAQ's etc for an answer. These CVE's have > been present in all releases so I guess the team have evaluated them and > concluded that they don't actually affect the usage of the dependency? > -- You received this message because you are subscribed to the Google Groups "JaCoCo and EclEmma Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jacoco/6c7e1601-6081-4c2d-a2df-63bba787d43en%40googlegroups.com.
