Hi, When I checked Apache OFBiz https://ofbiz.apache.org/ Dependency Check did not return CVE-2014-0107
Since I fixed the issue at https://issues.apache.org/jira/browse/OFBIZ-6905 if you want to check this by yourself you not only need to checkout OFBiz trunk
svn co http://svn.apache.org/repos/asf/ofbiz/trunk but also revert r1730882 svn merge -c -1730882 https://svn.apache.org/repos/asf/ofbiz/trunk I just did that and attach the resulting dependency-check-report.html zipped I have also created a page in our wiki where I explain how to use Dependency Check in our project. I put an up to date suppress file there. Thanks for this great tool and your help. Jacques