search

corretto / corretto-11

Amazon Corretto 11 is a no-cost, multi-platform, production-ready distribution of OpenJDK 11
GNU General Public License v2.0
668 stars 105 forks source link

Finding the unknown versions of mx4j and sjsxp #367

Open ananthram001 opened 3 months ago

ananthram001 commented 3 months ago

I am using a security scanner in my application which is running on amazoncorretto:11.0.23-alpine3.18 when I see the internal image I can see its using amazon-coretto-11.

My scanner is reporting it has unknown versions of mx4j and sjsxp available.

I am not able to find the version nor able to find any documentation relevant to that. Please add relevant details.

Path showing are: mx4j: usr/lib/jvm/java-11-amazon-corretto/jmods/java.management.jmod/classes/javax/management

sjsxp: usr/lib/jvm/java-11-amazon-corretto/jmods/java.xml.jmod/classes/com/sun

Autumn808 commented 3 months ago

We are looking into this thank you for the information.

Autumn808 commented 3 months ago

Would it be possible to get a reproducer and more information for to help us reproduce this to better help you?

Autumn808 commented 3 months ago

Also what type of scanner are you using?