I'm looking at the dependency check job in travis (https://travis-ci.org/apereo/cas/jobs/418359410) and i see alot of "dependencies with known vulnerabilities".
Should we be trying to upgrade those? Some i realize are probably bogus (CVE-2000-0759), in tomcat-servlet-api-8.5.32.jar (cpe:/a:apache_software_foundation:tomcat:8.5.32, org.apache.tomcat:tomcat-servlet-api:8.5.32, cpe:/a:apache:tomcat:3.1) : CVE-2000-0759 But others don't seem to be. How are these handled typically? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/182e234e-df0e-4527-9f0b-1e8c4cabaf6b%40apereo.org.
