Neil Griffin created PLUTO-802:
----------------------------------
Summary: Dependabot identifies false positive CVE-2021-26291
Key: PLUTO-802
URL: https://issues.apache.org/jira/browse/PLUTO-802
Project: Pluto
Issue Type: Task
Components: build system
Affects Versions: 3.1.1
Reporter: Neil Griffin
Assignee: Neil Griffin
Fix For: 3.1.2
Dependabot has falsely identified CVE-2021-26291 as a security vulnerability
due to a build system property named {{maven.version}} due to usage of the
following dependency:
{code:java}
<dependency>
<groupId>org.apache.maven</groupId>
<artifactId>maven-core</artifactId>
<version>2.0.5</version>
</dependency> {code}
However, at the time of this writing, [Maven Central does not list any
vulnerabilities for this
version|https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-core@2.0.6].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
