Re: CVE reporting discrepancies

2020-08-14 Thread Nic P
Mark - per NIST this CVE is listed as impact to Tomcat https://nvd.nist.gov/vuln/detail/CVE-2016-5388 which is how we came to find evidence for audit on the version where this was remediated.

On Fri, Aug 14, 2020 at 4:15 AM Mark Thomas wrote:
> On 13/08/2020 20:52, Nic P wrote:
>

CVE reporting discrepancies

2020-08-13 Thread Nic P
Hi, can anyone help me understand why some CVEs show in the changelog but not on the security report? Example is CVE-2016-5388 which shows as fixed in 8.0.37 changelog but missing on the security report. This has come up in an audit and hard to explain which is the System of Record information f