Closed snackerphi closed 1 year ago
@snackerphi thanks for reporting this. Given that you've opened a ticket in java-sdk-core
, it's best to wait for an update in that repo and then we'll get the core dependabot PR here.
Also, we don't have an SDK version 17.0.2
. I'm assuming you meant the latest version 0.7.0
.
Oops... yes. I've corrected that.
@emlaver , just FYI, this has been fixed in java-sdk-core
version 9.18.6
.
Describe the bug
XRay scan is flagging commons-io:commons-io:2.7 as vulnerable to a divide-by-zero DoS attack. Issue in com.ibm.cloud:sdk-core
To Reproduce
Expected behavior
No vulnerabilities in dependent libraries
Screenshots
Must gather (please complete the following information):
Additional context