https://bz.apache.org/bugzilla/show_bug.cgi?id=58047
Dominik Stadler <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME Status|NEW |RESOLVED --- Comment #1 from Dominik Stadler <[email protected]> --- Analysis: All instances reported in the report are reported as "low" and are about exception information being retrieved at some point and a OutputStream.write() call in a totally unrelated place, so it is unclear to me what the actual vulnerability is about here. If you have a specific case where you think there is an actual vulnerability, please describe it, but I could only see false-positives here. Naturally security scanners report as much as possible to justify their costs, unfortunately this means that you most often need to wade through a bunch of useless reports to find out if there are actual things that should be fixed. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
