alexsuter commented on issue #6247: URL: https://github.com/apache/incubator-kie-drools/issues/6247#issuecomment-2659511309
Hi @tkobayas,

It's great to hear that Drools is not affected by this vulnerability. However, I would still prefer a version of Drools without the vulnerable component, even if it doesn’t pose a direct risk. Supply chain security is becoming increasingly important, and many customers automatically scan their software for vulnerable libraries. When they detect such components, they must individually assess whether the vulnerability is a potential security concern. Keeping this component up to date would eliminate that uncertainty altogether.

Best,
Alex
