On 16/10/2023 13:11, Romain Manni-Bucau wrote:
> Hi all,
> It seems ossindex reports an invalid CVE for Tomcat:
> https://ossindex.sonatype.org/component/pkg:maven/org.apache.tomcat/tomcat-coyote@10.1.15
> (https://ossindex.sonatype.org/vulnerability/CVE-2023-42794)
> Am I right in assuming it is due to the way coordinates are entered in their
> system more than an actual issue, or did I miss something?
> Should we send a mail to ossin...@sonatype.org to get it fixed?
It isn't clear to me what Sonatype think the problem is. I have no
interest in creating an account to find out.
If Sonatype have identified an error in the report (I've looked but
can't see one) then Sonatype should report it to the Tomcat security
team via the usual channel (secur...@tomcat.apache.org).
Mark