meonkeys commented on PR #4401: URL: https://github.com/apache/fineract/pull/4401#issuecomment-2698588165
First, reminder to immediately email any security findings to `security` at `fineract.apache.org`. I understand Docker Scout / Snyk has identified issues and we need to fix these. @IOhacker, I was thinking these issues ware related to dependencies in upstream Docker images, but now I'm realizing these dependencies are Java libraries that need updating. I think we should still proceed with the v1.11.0 release and upgrade dependencies (and fix tests) on develop. I'm not certain this is the best path; we may end up having to ship a v1.11.1 hotfix / patch release depending on what we find. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
