Every time I use that plugin I end up with a bunch of false positive excludes (I haven't switched to 2.x yet)
On Mon, Sep 25, 2017 at 12:23 PM, Tilman Hausherr <thaush...@t-online.de> wrote: > If anybody is using OWASP dependency-check for their builds, the new > version 2.1.1 is over-sensitive compared to 2.1.0. I've opened an issue here > > https://github.com/jeremylong/DependencyCheck/issues/894 > > Besides fontbox, it also reports javamail. > > Tilman > >
