olamy commented on PR #170: URL: https://github.com/apache/maven-javadoc-plugin/pull/170#issuecomment-1295751406
> > did you check if the plugin is **really** affected but the issue? read here https://blogs.apache.org/security/entry/cve-2022-42889 > > If there is only the slightest doubt, one would want to upgrade, don't you agree? Besides, keeping libraries current is a good thing for maintenance. sure no worries it's a good idea. But in this case the title shouldn't contains "to address CVE-2022-42889" because we didn't assess it and we can "claim" we are affected by this. that's a bit different ;) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
