Le 09/12/2017 à 23:29, Moritz Mühlenhoff a écrit : > I'd say let's kick it out, then. We have a build dependency (and run time > dependencies) on libspring-java, can we axe it out there?
jasperreports is just a build dependency of some unused parts of libspring-java. No application in Debian needs it at run time. So these vulnerabilities can be safely ignored in the stable releases. Emmanuel Bourg
