fpientka created TOMEE-1153:
-------------------------------
Summary: Security Report
Key: TOMEE-1153
URL: https://issues.apache.org/jira/browse/TOMEE-1153
Project: TomEE
Issue Type: Dependency upgrade
Reporter: fpientka
Dependency-Check (https://github.com/jeremylong/DependencyCheck) can be used to
check project dependencies for published security vulnerabilities. The checks
performed are a "best effort" and as such, there could be false positives as
well as false negatives. However, vulnerabilities in 3rd party components are a
well-known problem, currently documented in the 2013 OWASP. I've attached a
TomEE 1.6.0 Security DependencyCheck-Report with dependency-check-1.1.3-release
and 31 CVE Vulnerable Dependencies. Even if some are not necessarily, it's a good
indicator for component updates and a security warning list.
--
This message was sent by Atlassian JIRA
(v6.2#6252)