On 2018-07-05, Ola Lundqvist <o...@inguza.com> wrote: > If you read the mail chain you can see that I have alread analyzed the > two CVEs. So it is already done. > > Is it so that you think we should reanalyze entries from 2009 as well, > or?
Yes. All of them, not only the 2011 ones. Same for jetty 9 and CVEs prior to 2015. Because relying on CVE year versus release date makes no sense whatsoever. Cheers, --Seb