dakshay4 opened a new issue, #6185: URL: https://github.com/apache/incubator-kie-drools/issues/6185
Hi Drools Team, There is a transitive Vulnerability in `org.drools:drools-decisiontables:jar:9.44.0.Final` Due to `org.mvel:mvel2:jar:2.5.0.Final:compile` Meanwhile I checked the commit https://github.com/kiegroup/drools/commit/cb046fb6a0667b7ff63e0a0abf15b19035dd00bf It is updated in repo, and not present in the latest jar of org.drools:drools-decisiontables, i.e. 9.44.0.Final > _Dependency tree in our application -_ <img width="665" alt="Screenshot 2024-12-05 at 11 16 40 AM" src="https://github.com/user-attachments/assets/53c18ed4-0edd-4d95-8ed3-9fc89995d2f3"> > _Dependency present in the drools repo-_  Creating vulnerability in our application. It is requested to please upload the jar with mvel2 version >=2.5.1.Final -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@kie.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@kie.apache.org For additional commands, e-mail: commits-h...@kie.apache.org