xvik / gradle-quality-plugin

Gradle quality plugin for Java and Groovy
http://xvik.github.io/gradle-quality-plugin
MIT License

Update Spotbugs Gradle plugin to 5.0.13 #64

Closed Wrdle closed 1 year ago

Wrdle commented 1 year ago

New vulnerability in apache commons text versions 1.5 - 1.9 (CVE-2022-42889). Fix in apache commons text version 1.10.

Spotbugs 4.7.3 updates the apache commons text dependency to 1.10. Spotbugs Gradle Plugin 5.0.13 updates its Spotbugs dependency to use 4.7.3.

Obviously, this does not affect run time of applications using this quality plugin. However, some pipelines with vulnerability scanning have started blocking artifacts with this plugin due to the version of Spotbugs being used.

Thanks for keeping this updated 🙂

xvik commented 1 year ago

Thank you for the info.

You can already update the spotbugs version with: quality.spotbugsVersion = '4.7.3'
I'll release a new version with updated defaults some time later.
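The override above, written out as a build.gradle fragment together with a verification task that fails the build if the SpotBugs tool classpath still resolves commons-text below 1.10 (added example, not code from the plugin or from this thread; it assumes the plugin id ru.vyarus.quality, a placeholder plugin version, and that the SpotBugs plugin applied underneath registers a 'spotbugs' dependency configuration for the tool itself):

```groovy
plugins {
    id 'java'
    // <QUALITY_PLUGIN_VERSION> is a placeholder; use the version your build pins
    id 'ru.vyarus.quality' version '<QUALITY_PLUGIN_VERSION>'
}

// Pin the SpotBugs tool version so its transitive commons-text is 1.10 (CVE-2022-42889 fix)
quality {
    spotbugsVersion = '4.7.3'
}

// Constructed guard task: resolves the SpotBugs tool classpath and checks the
// commons-text version that actually ends up on it, so a pipeline scanner
// does not have to be the first thing that notices a stale pin.
// Assumption: the SpotBugs Gradle plugin registers a 'spotbugs' configuration.
tasks.register('checkSpotbugsCommonsText') {
    description = 'Fails if the SpotBugs tool classpath resolves commons-text < 1.10'
    doLast {
        def modules = configurations.spotbugs.resolvedConfiguration.resolvedArtifacts
                .collect { it.moduleVersion.id }
        def commonsText = modules.find {
            it.group == 'org.apache.commons' && it.name == 'commons-text'
        }
        if (commonsText == null) {
            logger.lifecycle('commons-text is not on the spotbugs configuration; nothing to check')
            return
        }
        // Compare only major.minor; the fixed release is 1.10
        def (major, minor) = commonsText.version.tokenize('.').take(2)*.toInteger()
        if (major < 1 || (major == 1 && minor < 10)) {
            throw new GradleException(
                "SpotBugs resolves commons-text ${commonsText.version} (affected by CVE-2022-42889); " +
                'set quality.spotbugsVersion to 4.7.3 or newer')
        }
        logger.lifecycle("commons-text ${commonsText.version} on spotbugs classpath is OK")
    }
}

// Run the guard as part of the normal verification lifecycle
tasks.named('check') { dependsOn 'checkSpotbugsCommonsText' }
```

Run it with `gradle checkSpotbugsCommonsText` on a build that has not yet set the pin to see the failure, then again after adding quality.spotbugsVersion.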

xvik commented 1 year ago

released 4.9.0