[ https://issues.apache.org/jira/browse/TOMEE-1153?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

fpientka updated TOMEE-1153:
----------------------------

    Attachment: TomEE 1.6.0 Security DependencyCheck-Report.html

TomEE 1.6.0 Security DependencyCheck-Report

> Security Report
> ---------------
>
>                 Key: TOMEE-1153
>                 URL: https://issues.apache.org/jira/browse/TOMEE-1153
>             Project: TomEE
>          Issue Type: Dependency upgrade
>            Reporter: fpientka
>         Attachments: TomEE 1.6.0 Security DependencyCheck-Report.html
>
>
> Dependency-Check https://github.com/jeremylong/DependencyCheck can be used to 
> check project dependencies for published security vulnerabilities. The checks 
> performed are a "best effort" and as such, there could be false positives as 
> well as false negatives. However, vulnerabilities in 3rd party components are 
> a well-known problem and are currently documented in the 2013 OWASP. I've 
> attached a TomEE 1.6.0 Security DependencyCheck-Report with 
> dependency-check-1.1.3-release and 31 CVE Vulnerable Dependencies. Even if some 
> are not necessarily so, it's a good indicator for component updates and a 
> security warning list.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
