Hello, the Maven Dependency Check plugin reports a number of CVEs for apache-mime4j-core-0.8.4.jar: - CVE-2021-38542 - CVE-2021-40110 - CVE-2021-40111 - CVE-2021-40525
These were recently fixed in Apache James 3.6.1: https://james.apache.org/james/update/2021/12/02/james-3.6.1.html But I'm not sure how this relates to Mime4J. Is Mime4J still affected or are the reports false positives? Best regards, Arend
