Closed mmurdockk closed 3 years ago
Hi JFrog,
When using the artifactory-maven-plugin:2.6.1, Xray analysis find CVE in generated jar.
It's probably due to the dependency build-info-extractor-maven3 that includes groovy-all:2.1.6, that includes commons-cli:1.2...
Can you please fix this?
Thanks!
Hi @Modzful , We just release artifactory-maven-plugin:2.7.0 that is vulnerability free. Thanks for reporting this issue!
Hi JFrog,
When using the artifactory-maven-plugin:2.6.1, Xray analysis find CVE in generated jar.
It's probably due to the dependency build-info-extractor-maven3 that includes groovy-all:2.1.6, that includes commons-cli:1.2...
Can you please fix this?
Thanks!