[
https://issues.apache.org/jira/browse/ARTEMIS-5984?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Clebert Suconic closed ARTEMIS-5984.
------------------------------------
Fix Version/s: (was: 2.54.0)
Resolution: Won't Fix
We are not depending on plexus. This is a dependency provided by maven itself.
> Remove plexus-utils from the depency list on artemis-maven-plugin
> -----------------------------------------------------------------
>
> Key: ARTEMIS-5984
> URL: https://issues.apache.org/jira/browse/ARTEMIS-5984
> Project: Artemis
> Issue Type: Improvement
> Reporter: Clebert Suconic
> Assignee: Clebert Suconic
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> plexus-utils is the subject of a CVE: CVE-2025-67030
> And this makes artemis-maven-plugin to showup on security scanners even
> though the library is not used at any point.
> To settle things and not need any further discussion, I'm simply removing the
> dependency with an exclude
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
