Jon

Sorry for the delayed response. This looks great! Many thanks for switching over to the derive api too. I had that on my roadmap :) The `-d` flag is something...

To add two more cents to the pile. It can happen that you pull a docker-compose.yml from another group and want to not run some of what they have turned...

I've updated the 5 CVEs in the GitHub database to reference `com.fasterxml.woodstox:woodstox-core` rather than `com.thoughtworks.xstream:xstream`.

@pjfanning the fix versions should be on there. As for the description; yes I've gone ahead and added some language about DTD parsing.

> How many CVEs will remain (that is, are some being closed as duplicates)? @cowtowncoder I hadn't planned to remove any of the CVEs, but if @henryrneh plans to revoke...

Hey @MarkLee131, would you mind elaborating on the connection between these commits and the advisory?

Hey @MarkLee131, are you sure this resolves this issue? The backing issue is still open https://github.com/OpenTSDB/opentsdb/issues/1239

Hey @sunSUNQ, I'm not sure I see how all of these commits are related to the advisory. Can you step me through the logic?

I'm still not seeing the linkage. How does it relate to `stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java`?

Hey @MarkLee131, thanks for the PR. Any chance you also have a reference linking the `HIVE-18788` id to the CVE?