I think it depends if it is OWASP causing problems or the NVD source. In this case the regex on the source is too open. https://nvd.nist.gov/vuln/detail/CVE-2017-5929
Alternatively, with dropwizard using dependbot, even if a new CVE is reported, the project is likely already on the latest, so there is nothing to be done but wait for the upstream resolution. -- You received this message because you are subscribed to the Google Groups "dropwizard-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-dev/5cf32136-6223-4761-8667-8489c8f3cdda%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
