Open CVEs

Curtis Ruck

Aug 20, 2018, 9:48:57 PM
to CAS Community
I'm looking at the dependency check job in Travis (https://travis-ci.org/apereo/cas/jobs/418359410) and I see a lot of "dependencies with known vulnerabilities".

Should we be trying to upgrade those?

Some I realize are probably bogus (CVE-2000-0759), in tomcat-servlet-api-8.5.32.jar (cpe:/a:apache_software_foundation:tomcat:8.5.32, org.apache.tomcat:tomcat-servlet-api:8.5.32, cpe:/a:apache:tomcat:3.1) : CVE-2000-0759

But others don't seem to be.

How are these handled typically?