On 2018-07-05, Ola Lundqvist <o...@inguza.com> wrote:
> If you read the mail chain you can see that I have alread analyzed the
> two CVEs. So it is already done.
>
> Is it so that you think we should reanalyze entries from 2009 as well,
> or?

Yes. All of them, not only the 2011 ones. Same for jetty 9 and CVEs
prior to 2015. Because relying on CVE year versus release date makes no
sense whatsoever.

Cheers,

--Seb

Reply via email to