https://nvd.nist.gov/vuln/detail/CVE-2019-12419 marks all the cxf artifacts (cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*) as vulnerable - hence: * cxf-xjc-runtime-3.3.1.jar * cxf-xjc-ts-3.1.0.jar
gets marked as vulnerable - even though these are the latest version and unrelated to the issue - is there any way to get this fixed in the CVE? Are you planning on newer versions? If these were released with the same version as CXF the problem could be avoided (we always run with the latest patch-level). Any thoughts? -- -- David J. M. Karlsen - http://www.linkedin.com/in/davidkarlsen
