Re: Items for our (delayed) quarterly report to the board?

2021-01-27 Thread Bryan Pendleton
Should we say something like:

Torque team have addressed two recently reported security warnings (CVE-2020-8908 and CVE-2020-9488) by upgrading to the fixed version of the relevant packages.

Would that be accurate?

bryan

On Wed, Jan 27, 2021 at 8:06 AM Georg Kallidis wrote:
>
> Hi Bryan,
>
>

Re: Items for our (delayed) quarterly report to the board?

2021-01-27 Thread Georg Kallidis
Hi Bryan,

there are some minor updates (site) AFAIK, but we had two dependency security warnings with an OWASP check:

- CVE-2020-8908 for guava in module torque-maven (base score/severity: low) and
- CVE-2020-9488: for log4j2 (all torque-dev), severity: Low (

Items for our (delayed) quarterly report to the board?

2021-01-27 Thread Bryan Pendleton
Hi all,

I'm preparing our quarterly report to the Apache board. I missed our regular January report due to some personal issues (better now).

Please let me know of any Torque-related items that we should include in this quarter's report!

thanks,

bryan