CVE-2014-0107 not reported?


Jacques Le Roux

Feb 23, 2016, 5:42:41 AM
to dependen...@googlegroups.com, d...@ofbiz.apache.org
Hi,

When I checked Apache OFBiz (https://ofbiz.apache.org/), Dependency Check did not return CVE-2014-0107.

Since I fixed the issue at https://issues.apache.org/jira/browse/OFBIZ-6905, if you want to check this yourself you not only need to check out OFBiz trunk
    svn co http://svn.apache.org/repos/asf/ofbiz/trunk
but also revert r1730882
    svn merge -c -1730882 https://svn.apache.org/repos/asf/ofbiz/trunk

I just did that and attach the resulting dependency-check-report.html, zipped.

I have also created a page in our wiki where I explain how to use Dependency Check in our project. I put an up-to-date suppress file there.

Thanks for this great tool and your help.

Jacques

dependency-check-report.zip

Jeremy Long

Feb 27, 2016, 7:18:04 AM
to Jacques Le Roux, dependen...@googlegroups.com, d...@ofbiz.apache.org
Thanks for reporting this. I opened an issue on GitHub. The patch has been implemented and will be included in the next release.

--Jeremy


