You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "fpientka (JIRA)" <ji...@apache.org> on 2014/03/24 09:59:50 UTC
[jira] [Created] (TOMEE-1153) Security Report
fpientka created TOMEE-1153:
-------------------------------
Summary: Security Report
Key: TOMEE-1153
URL: https://issues.apache.org/jira/browse/TOMEE-1153
Project: TomEE
Issue Type: Dependency upgrade
Reporter: fpientka
Dependency-Check https://github.com/jeremylong/DependencyCheck can be used to check project dependencies for published security vulnerabilities. The checks performed are a "best effort" and as such, there could be false positives as well as false negatives. However, vulnerabilities in 3rd party components is a well-known problem and is currently documented in the 2013 OWASP. I'ver attaced a
TomEE 1.6.0 Security DependencyCheck-Report with dependency-check-1.1.3-release and 31 CVE Vulnerable Dependencies. Even some are not neccessarily its a godd indicator for componente updates and a security warnung list
--
This message was sent by Atlassian JIRA
(v6.2#6252)