[
https://issues.apache.org/jira/browse/ARTEMIS-5984?focusedWorklogId=1012796&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1012796
]
ASF GitHub Bot logged work on ARTEMIS-5984:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 01/Apr/26 19:57
Start Date: 01/Apr/26 19:57
Worklog Time Spent: 10m
Work Description: clebertsuconic opened a new pull request, #6334:
URL: https://github.com/apache/artemis/pull/6334
(no comment)
Issue Time Tracking
-------------------
Worklog Id: (was: 1012796)
Remaining Estimate: 0h
Time Spent: 10m
> Remove plexus-utils from the depency list on artemis-maven-plugin
> -----------------------------------------------------------------
>
> Key: ARTEMIS-5984
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5984
> Project: Artemis
> Issue Type: Improvement
> Reporter: Clebert Suconic
> Assignee: Clebert Suconic
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.54.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> plexus-utils is the subject of a CVE: CVE-2025-67030
> And this makes artemis-maven-plugin to showup on security scanners even
> though the library is not used at any point.
> To settle things and not need any further discussion, I'm simply removing the
> dependency with an exclude
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
