-
Task
-
Resolution: Done
-
Medium
-
None
-
None
-
Policy 2022-10-27->2022-11-09, Policy 2022-11-09->2022-11-23, Policy 2022-11-30->2022-12-14, Policy 2023-01-04->2023-01-18, Policy 2023-01-25->2023-02-08, Policy 2023-02-08->2023-02-22, Policy 2023-02-22->2023-03-08
There are a few dependencies in drools-pdp that are showing up in the CLM runs as being vulnerable. They are:
10 Security - Critical vulnerabilities com.thoughtworks.xstream : xstream : 1.4.17
10 Security - Critical vulnerabilities org.apache.maven : maven-compat : 3.3.9
10 Security - Critical vulnerabilities org.apache.maven : maven-core : 3.3.9
10 Security - Critical vulnerabilities org.apache.maven : maven-settings : 3.3.9
10 Security - Critical vulnerabilities org.jsoup : jsoup : 1.7.2
See the CLM report for drools-pdp for more information.