Hello there, i am using dropwizard (version 4.0.7) and when i run a dependency check it shows the following (transitive) vulnerability:
metrics-httpclient5-4.2.25.jar (pkg:maven/io.dropwizard.metrics/metrics-httpclient5@4.2.25, cpe:2.3:a:apache:httpclient:4.2.25:*:*:*:*:*:*:*) : CVE-2014-3577, CVE-2020-13956 Is this problem getting fixed? Thank you for your help Manuel -- You received this message because you are subscribed to the Google Groups "dropwizard-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to dropwizard-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dropwizard-dev/71830212-5af8-4b69-ac47-8f818e2e9dc7n%40googlegroups.com.
