ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Bodewig <bode...@apache.org>
Subject Re: Tooling update
Date Fri, 08 Jun 2018 18:42:09 GMT
On 2018-06-08, Gintautas Grigelionis wrote:

> Then I was surprised that Dependency Check indicates that the latest
> XZ 1.8 has a vulnerability: should we ask them to investigate?

That's a false positive.

https://www.cvedetails.com/cve/CVE-2015-4035/ applies to the command
line tooling and is not related to XZ for Java at all.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message