Open dhuebner opened 4 months ago
When releasing to maven central a security report is created. I will post a report link here, but I do not know how long it will remain available.
https://sbom.sonatype.com/report/T1-118f0f57da8c6b3097cc-7c5cd3c324b3e8-1709210263-9c8c29739af94ba6940236bcf4b9429f
Here are the top two candidates, both transitive (probably Xtext): pkg:maven/log4j/log4j@1.2.17
pkg:maven/log4j/log4j@1.2.17
pkg:maven/com.google.guava/guava@31.0.1-jre
When releasing to maven central a security report is created. I will post a report link here, but I do not know how long it will remain available.
https://sbom.sonatype.com/report/T1-118f0f57da8c6b3097cc-7c5cd3c324b3e8-1709210263-9c8c29739af94ba6940236bcf4b9429f
Here are the top two candidates, both transitive (probably Xtext):
pkg:maven/log4j/log4j@1.2.17
pkg:maven/com.google.guava/guava@31.0.1-jre