https://bz.apache.org/bugzilla/show_bug.cgi?id=63090
Philippe Mouawad <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] | |om Status|NEW |NEEDINFO OS| |All --- Comment #1 from Philippe Mouawad <[email protected]> --- (In reply to jawadhoot from comment #0) > Created attachment 36379 [details] > issues reported by jfrog xray > > i am using jmeter to load test application. > my organization did a jfrog xray scan on docker image i build to test and it > reported 21 critical securities issues with libaries used inside jmeter > > following issues are reported > > xercesImpl-2.11.0.jar Upgraded already in nightly build, will be in 5.1 > commons-collections-3.2.2.jar What is the security issue ? We are not aware of security issues > geronimo-jms_1.1_spec-1.1.1.jar This is the jar of JMS specification not geronimo version. What is the CVE concerned > slf4j-ext-1.7.25.jar -> 18 What is the CVE ? We are not aware of security issue neither -- You are receiving this mail because: You are the assignee for the bug.
