FYI, just ran the following goal:
mvn compile org.sonatype.ossindex.maven:ossindex-maven-plugin:audit
Result on all modules is a CVSS-score threshold: 0.0
In contrast: IIRC the owasp dependency plugin gave several false positives.
We should consider to add this to the maven-parent to get early
notifications on known CVEs.
On Thu, 13 Sep 2018 22:20:06 +0200, Karl Heinz Marbaise
<[email protected]> wrote:
Hi,
based on the issues have been solved..
from my point of view waiting at the moment for the following issues:
* MNG-6311
* MNG-6391
Afterwards I would like to cut a release of Maven Core...
This results into the question:
Should we call it 3.6.0 or 3.5.5..?
Based on the fixed issues which are only bug fixes (my opinion)...I
would vote for 3.5.5 ?
What do you think?
Kind regards
Karl Heinz Marbaise
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
