igniterealtime / openfire-hazelcast-plugin

Adds support for running multiple redundant Openfire servers together in a cluster

Add support for dependency-check-maven #91

Open Fishbowler opened 8 months ago

Fishbowler commented 8 months ago

Add dependency-check-maven to POM, similar to Openfire's, allowing a vulnerability report to be easily generated.

Fishbowler commented 7 months ago

I've got a branch going, but it might be impossible to exclude vulnerabilities in the dependencies of the parent version of Openfire without naming each of them, even though they're provided rather than included.

There's certainly some way of autogenerating an exclusion doc in Openfire, publishing it as an artifact, but it's a lot of work for not a lot of gain.

:thinking:
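
A POM fragment for the setup this issue asks for, as an added example that is not taken from this plugin's or Openfire's own POM: it wires in dependency-check-maven and uses the plugin's `skipProvidedScope` option, on the assumption that the dependencies inherited from Openfire resolve in `provided` scope as the comment above describes. The version property and the suppression file name are placeholders, and the thread does not confirm whether this covers every inherited dependency.

```xml
<!-- Added example: goes under <build><plugins> in the plugin's pom.xml. -->
<plugin>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <!-- Placeholder: define this property with the release you pin to. -->
  <version>${dependency-check.version}</version>
  <configuration>
    <!-- Do not analyse artifacts resolved in provided scope. They are
         supplied by the Openfire server at runtime and are not packaged
         into the plugin, so findings against them belong to Openfire's
         own report. Assumption: Openfire is declared as provided. -->
    <skipProvidedScope>true</skipProvidedScope>

    <!-- Test-only libraries are not shipped either; true is the default,
         stated here so the scan scope is explicit. -->
    <skipTestScope>true</skipTestScope>

    <!-- Hypothetical file name: per-finding suppressions for libraries
         this plugin does bundle, each with a note explaining why. -->
    <suppressionFiles>
      <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
    </suppressionFiles>

    <!-- Human-readable report for review. -->
    <formats>
      <format>HTML</format>
    </formats>
  </configuration>
</plugin>
```

With this in place, `mvn org.owasp:dependency-check-maven:check` runs the scan and writes the report under `target/`.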