Could you file an issue with the OWasp plugin instead to remove this CVE from their list (if this is possible - I'm not sure how they are pulling down advisories)?
Colm. On Wed, Apr 19, 2017 at 7:41 AM, Dennis Kieselhorst <[email protected]> wrote: > > It's not a bug - that advisory was just raised against a sample that CXF > > ships with. > > I know, unfortunately the dependency check reports it as soon as any CXF > dependency is present (try mvn org.owasp:dependency-check-maven:check to > reproduce). If failBuildOnCVSS is set, the build will fail unless you > define a suppression for it. > > That's why I thought a comment might be useful for users that hit this CVE. > > Regards > Dennis > > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
