Closed RamyaRohidas closed 2 years ago
Can I get an answer if the community is doing anything to resolve the blackduck CVEs?
If you're going to report security issues, please report them one at a time and with full context for how it's relevant for this library. Otherwise, we consider this kind of post to be security spam. It's not our duty as an open source project to address the immediate demands of consumers. We operate at will when we have time. If you require immediate action, you're free to seek out professional services or a subscription service (like RHEL) that repackages libraries with security updates applied based on a guaranteed response time. We're not going to take action on this issue based on such a vague and questionably relevant report.
We need fixes for these below FOSS Security vulnerability issues.

| FOSS name | FOSS version | Latest clean version | Nearest clean version |
| --- | --- | --- | --- |
| Bouncy Castle | 1.65 | 144 | 1.71 |
| Bouncy Castle | 1.66 | 144 | 1.71 |
| Ruby | v2_4_10 | 13.0.6 | v2_7_5 |
| Ruby | 2.5.8 | 13.0.6 | v2_7_5 |
| Bouncy Castle Provider | 1.66 | 1.71 | 1.71 |

| FOSS name | FOSS version | License |
| --- | --- | --- |
| ttfunk | 1.7.0 | GNU General Public License v2.0 or later |
| com.guicedee.services:bouncycastle | 1.2.2.1 | GNU General Public License v3.0 or later |