No vulnerabilities (especially high or critical severity ones) should be found on a Trivy scan
Actual behavior
Critical vulnerabilities are detected in Spring framework and other components. I'm aware of the closed issue here: https://github.com/OHDSI/WebAPI/issues/2298 and the fact the vulnerability only applies with JDK9+. This isn't really a satisfactory solution for us . Can you advise if there has been or will be a fix for this issue so that there are no critical or high severity vulnerabilities detected after scanning WebAPI installed from the latest release?
Expected behavior
No vulnerabilities (especially high or critical severity ones) should be found on a Trivy scan
Actual behavior
Critical vulnerabilities are detected in Spring framework and other components. I'm aware of the closed issue here: https://github.com/OHDSI/WebAPI/issues/2298 and the fact the vulnerability only applies with JDK9+. This isn't really a satisfactory solution for us . Can you advise if there has been or will be a fix for this issue so that there are no critical or high severity vulnerabilities detected after scanning WebAPI installed from the latest release?