Posted to commits@tomee.apache.org by "fpientka (JIRA)" <ji...@apache.org> on 2014/03/24 09:59:50 UTC

[jira] [Created] (TOMEE-1153) Security Report

fpientka created TOMEE-1153:
-------------------------------

             Summary: Security Report
                 Key: TOMEE-1153
                 URL: https://issues.apache.org/jira/browse/TOMEE-1153
             Project: TomEE
          Issue Type: Dependency upgrade
            Reporter: fpientka


Dependency-Check https://github.com/jeremylong/DependencyCheck can be used to check project dependencies for published security vulnerabilities. The checks performed are a "best effort" and as such, there could be false positives as well as false negatives. However, vulnerabilities in 3rd party components are a well-known problem and are currently documented in the 2013 OWASP. I've attached a TomEE 1.6.0 Security DependencyCheck report, generated with dependency-check-1.1.3-release, listing 31 CVE-vulnerable dependencies. Even if some are not necessarily vulnerable, it's a good indicator for component updates and a security warning list.

--
This message was sent by Atlassian JIRA
(v6.2#6252)