Neil Griffin created PLUTO-802: ---------------------------------- Summary: Dependabot identifies false positive CVE-2021-26291 Key: PLUTO-802 URL: https://issues.apache.org/jira/browse/PLUTO-802 Project: Pluto Issue Type: Task Components: build system Affects Versions: 3.1.1 Reporter: Neil Griffin Assignee: Neil Griffin Fix For: 3.1.2
Dependabot has falsely identified CVE-2021-26291 as a security vulnerability due to a build system property named {{maven.version}} due to usage of the following dependency: {code:java} <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-core</artifactId> <version>2.0.5</version> </dependency> {code} However, at the time of this writing, [Maven Central does not list any vulnerabilities for this version|https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-core@2.0.6]. -- This message was sent by Atlassian Jira (v8.20.10#820010)