On 2018-06-08, Gintautas Grigelionis wrote:

> Then I was surprised that Dependency Check indicates that the latest
> XZ 1.8 has a vulnerability: should we ask them to investigate?

That's a false positive. https://www.cvedetails.com/cve/CVE-2015-4035/ applies to the command line tooling and is not related to XZ for Java at all.

Stefan