Marco Lackovic

icon indicating a website link https://stackoverflow.com/users/334569/marco-lackovic icon indicating an email [email protected]

icon company Concise icon location Tallinn, Estonia icon location Software engineer. Formerly research fellow in distributed data mining and teaching assistant of concurrent and object oriented programming. @eestec alumni

Results 33 comments of Marco Lackovic

[FP]: CVE-2022-31569 [email protected] & javax.jms-api-2.0

Affecting also: ``` jakarta.jms-api-2.0.3.jar (pkg:maven/jakarta.jms/[email protected], cpe:2.3:a:projects_project:projects:2.0.3:*:*:*:*:*:*:*) : CVE-2022-31569 spring-hateoas-1.5.1.jar (pkg:maven/org.springframework.hateoas/[email protected], cpe:2.3:a:projects_project:projects:1.5.1:*:*:*:*:*:*:*) : CVE-2022-31569 ```

[FP]: CVE-2022-31569 [email protected] & javax.jms-api-2.0

Is it safe to assume then that these are false positives? Any idea on how their suppression rules would look like?

[FP]: CVE-2022-31569 [email protected] & javax.jms-api-2.0

> Even after using the suppressions above, I am still getting the following: > > Error: One or more dependencies were identified with vulnerabilities that have a CVSS score greater...

[FP]: CVE-2022-34305 reported for tomcat-embed-core and tomcat-embed-websocket

> Suppression rule: > > ``` > > FP per issue #4634 > ]]> > ^pkg:maven/org\.apache\.tomcat\.embed/tomcat-embed-core@.*$ > cpe:/a:apache:tomcat > > ``` This does not suppress the report on `tomcat-embed-websocket-9.0.63.jar`. Any...

[FP]: CVE-2022-34305 reported for tomcat-embed-core and tomcat-embed-websocket

> I went with these excludes (using cve rarther than cpe, which looked dangerous) : Had the same idea and tried to write a common expression for both: ``` ^pkg:maven/org\.apache\.tomcat\.embed/tomcat-embed-*@.*$...

[FP]: CVE-2022-34305 reported for tomcat-embed-core and tomcat-embed-websocket

> I guess that is because your expression is invalid. Yep, it was missing a `.` before the `*`. This works: ``` ^pkg:maven/org\.apache\.tomcat\.embed/tomcat-embed-.*@.*$ CVE-2022-34305 ``` I also added an expiration:...

Order model items alphabetically (or by type)

This is a very good suggestion! I would personally like it to be sorted by variable type first and the alphabetically, but it would also be good if this would...

Pre-Selected value not working

I had the same issue and solved by adding: `idProperty: 'id'` to the **extra-settings**. This is a quite important issue, I think it should be mentioned in the documentation.

double visible option if both groupBy and checkBoxes are using

I am also having the same issue: when both **groupBy** and **checkBoxes** are chosen in the `extra-settings` then the label is displayed twice.

Packages.config should include all options (including ignorechecksums)

Is there a way to ignore the checksum in the config file? I checked [the documentation](https://chocolatey.org/docs/commands-install) and the [StackOverflow thread](https://stackoverflow.com/questions/34106680/how-to-use-custom-parameters-in-chocolatey-config-file/34111537) but didn't find an answer to this. I did a...