Re: CVE-2021-26291 in maven-bundle plugin

2023-08-19 Thread Olivier Lamy
Hi, This plugin is maintained by the Apache Felix project, so please refer to them for any questions. Anyway, please read the description of the CVE so it's very unlikely you are subject to a real security issue here. Remember, the scanner is just "stupidly" looking at dependencies and most of the time

CVE-2021-26291 in maven-bundle plugin

2023-08-19 Thread Debraj Manna
Hi, In our scan, maven-bundle plugin 5.1.5 is getting flagged for CVE-2021-26291 due to the presence of maven-compat 3.3.9. I am seeing that the latest version of maven-bundle plugin, 5.1.9, is also using maven-compat 3.3.9. Is there any plan to