Hi,
We don’t own avalon-framework so we can’t fix it.
Thanks
From: Didier Schlegel
Sent: 27 August 2018 09:07
To: fop-dev@xmlgraphics.apache.org
Subject: PGP signatures of avalon-framework
Dear FOP developers,
after reading this article
(http://branchandbound.net/blog/security
Dear FOP developers,
after reading this article
(http://branchandbound.net/blog/security/2012/03/crossbuild-injection-how-safe-is-your-build/)
about cross-build injection attacks I decided to give the
pgpverify-maven-plugin
(https://www.simplify4u.org/pgpverify-maven-plugin/index.html) a try.