Hello, as this is my first question please forgive me if this is the wrong list for my question. Any hint towards the right one is appreciated.
We're using Apache 3.1.4 (Yes, I know it's quite old.). Deploying that the package also contains ehCache 2.10.4. Customer is now complaining about several vulnerabilities found in ehCache 2.10.4. As I looked at the newest release of Apache CXF I saw that also in that one ehCache 2.10.6 is used which still has several known vulnerabilities and so not even go to the newest release would solve these issues. As we're using WS security it seems that this reference is needed. So does anyone see a way getting around of that? Thanks a lot, Chris
