Hi,
We are currently using wildfly-26.1.2.Final built using wildfly feature pack. Recently we received a warning from our dependency check tool indicating that sshd-core-2.7.0.jar is triggering a CRITICAL severity CVE
https://nvd.nist.gov/vuln/detail/CVE-2022-45047
We would be safe to upgrade sshd-core to version 2.9.2. I am asking this question because the module file for sshd-core in wildfly is marking it as a private dependency
------------------------------------------------------------------------------------------------------------------------
<module name="org.apache.sshd" xmlns="urn:jboss:module:1.9">
<properties>
<property name="jboss.api" value="private"/>
</properties>
<resources>
<resource-root path="sshd-common-2.7.0.jar"/>
<resource-root path="sshd-core-2.7.0.jar"/>
</resources>
<dependencies>
<module name="org.bouncycastle.bcpg"/>
<module name="org.bouncycastle.bcpkix"/>
<module name="org.bouncycastle.bcprov"/>
<module name="org.slf4j"/>
<module name="org.slf4j.impl"/>
<module name="java.logging"/>
<module name="java.rmi"/>
<module name="java.management"/>
</dependencies>
</module>
------------------------------------------------------------------------------------------------------------------------
Appreciate your help.
Anoop