Hans Aikema

Would have to be raised with Sonatype OSSINDEX for re-evaluation, as the raised issue was not fixed, but the CVE disputed as an ArrayIndexOutOfBoundsException does not constitute a security issue...

The CVE is disputed, but according to Sonatype OSSIndex it is a valid vulnerability. As to the exact why you would have to communicate with Sonatype. ODC merely reports that...

approved

approved

Duplicate of #3283

approved

No updates, but based on your check I did some further checking. We're not going to solve this, unless maven dependency plugin will also solve it. Proof that it doesn't...

However... feel free to deep-dive into all of maven dependency-resolution and propose a PR that fixes it for transitive dependencies.

Think I've found a way to make these work as well.... need to do some further testing

approved