Hi,

This plugin is maintained by the Apache Felix project, so please refer to them for any questions.
Anyway, please read the description of the CVE; it's very unlikely you are subject to a real security issue here.
Remember, the scanner is just "stupidly" looking at dependencies, and most of the time this doesn't mean you have a real problem.

On Sat, 19 Aug 2023 at 17:23, Debraj Manna <subharaj.ma...@gmail.com> wrote:
>
> Hi
>
> In our scan maven-bundle plugin 5.1.5 is getting flagged for CVE-2021-26291
> <https://nvd.nist.gov/vuln/detail/CVE-2021-26291> due to the presence
> of maven-compat 3.3.9. I am seeing that the latest version of maven-bundle
> plugin, 5.1.9 is also using maven-compat 3.3.9. Is there any plan to update
> maven-compat to 3.8.2 at least to get around this CVE?
>
> Thanks