[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-12 Thread GitBox


markt-asf commented on issue #23:
URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897403716


No plans to update.

Automated scanning tools (including those that look at dependencies without considering the context in which it is used) generate a large number of false positive vulnerability reports. The default position of the ASF is to reject all such reports unless accompanied by an explanation, PoC or similar that demonstrates a genuinely exploitable issue.

We usually (but not always) look at dependencies and update them as part of release preparation.

There are currently no plans for the next release.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat-jakartaee-migration] markt-asf commented on issue #23: Vulnerability with Apache Commons Compress v1.20

2021-08-11 Thread GitBox


markt-asf commented on issue #23:
URL: https://github.com/apache/tomcat-jakartaee-migration/issues/23#issuecomment-897054343


Relevant how? How does an attacker exploit this?

