[ https://issues.apache.org/jira/browse/PLUTO-802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Neil Griffin closed PLUTO-802.
------------------------------
    Resolution: Fixed

Upgraded to Maven 3.8.1 which is the patched version.

> Dependabot identifies false positive CVE-2021-26291
> ---------------------------------------------------
>
>                 Key: PLUTO-802
>                 URL: https://issues.apache.org/jira/browse/PLUTO-802
>             Project: Pluto
>          Issue Type: Task
>          Components: build system
>    Affects Versions: 3.1.1
>            Reporter: Neil Griffin
>            Assignee: Neil Griffin
>            Priority: Major
>             Fix For: 3.1.2
>
>
> Dependabot has falsely identified CVE-2021-26291 as a security vulnerability
> due to a build system property named {{maven.version}} due to usage of the
> following dependency:
> {code:java}
> <dependency>
>     <groupId>org.apache.maven</groupId>
>     <artifactId>maven-core</artifactId>
>     <version>2.0.5</version>
> </dependency>
> {code}
> However, at the time of this writing, [Maven Central does not list any
> vulnerabilities for this
> version|https://ossindex.sonatype.org/component/pkg:maven/org.apache.maven/maven-core@2.0.6].

--
This message was sent by Atlassian Jira
(v8.20.10#820010)