Our project is using vault-java-driver 3.1.0. Latest scan with Tool "AppScan on Cloud" shows two vulnerabilites (see attached report)
asoc_audit-persistence_fixedOpenSourdeFindings_20200316_11_53_58.pdf
. I compared the source code with latest 5.1.0 and it looks like the affected code did not change siginificantly since 3.1.0.
May be these issues are worth a fix because for enterprise customers vulnerabilities are a real problem.
Our project is using vault-java-driver 3.1.0. Latest scan with Tool "AppScan on Cloud" shows two vulnerabilites (see attached report) asoc_audit-persistence_fixedOpenSourdeFindings_20200316_11_53_58.pdf . I compared the source code with latest 5.1.0 and it looks like the affected code did not change siginificantly since 3.1.0. May be these issues are worth a fix because for enterprise customers vulnerabilities are a real problem.