Kevin W. Wall
Kevin W. Wall
@jeremylong - as noted in an email, I also checked Sonatype's flagship SCA project Nexus IQ, for this CVE and Nexus IQ is pointing to the NVD CVE and not...
**Update**: While Nexus IQ refers to the NVD CVE for it's description, they do report the vulnerability consistent in a manner with OSS Index and but the Nexus IQ description...
Have heard nothing further. I think we need to report it to Sonatype for at least their OSS Index project. Sonatype Lift also reports this for AntiSamy 1.7.0, but I...
Probably not. I think that site is just implements a web API and client that accesses the information in https://ossindex.sonatype.org/. I think it is flawed data in ossindex.sonatype.com that needs...
@davewichers and @spassarop - This really is sounding more like a bug in Batik CSS or possibly a misalignment in the understanding with your users than it is a bug...
@star-r I think the only logical approach at this point is to ask that Batik CSS community to fix it. Write up an example with a test case using Batik...
In JDK 9, there was a new Doclet API introduced, which probably affected the Javadoc tool so that it now complains about different stuff. E.g., see https://openjdk.java.net/groups/compiler/using-new-doclet.html. There are probably...
While I understand the desire for reproducible builds, in case such as Java where timestamps are introduced in to the zip-file archives (.jar, .war, and .ear files for those not...
I would be in favor of changing this from MUST to SHOULD, but perhaps we could compromise somewhat and leave it as 'MUST' if a particular source file was "sourced"...
If we're going to require Copyright notice on every _source_ file, can we at least make an exclusion for _configuration_ files? That gets confusing because they often get heavily edited...