Hi,

> logback-throttling-appender-1.0.1.jar 
> (pkg:maven/io.dropwizard.logback/logback-throttling-appender@1.0.1, 
> cpe:2.3:a:logback:logback:1.0.1:*:*:*:*:*:*:*) : CVE-2017-5929
> 
> Is that something to be worried about?

That's a false positive. That project has only existed since 2019.

I think the OWASP dependency plugin at this point causes more problems than it 
solves, so maybe we'll remove it again. What do the rest of the developers 
think?

Cheers,
Jochen
