patpatpat123 commented on PR #14: URL: https://github.com/apache/maven-resources-plugin/pull/14#issuecomment-1105221042
Hello Team, I am currently using the latest maven resource plugin, as of this writing found in Maven central at version 3.2.0. With such, it pulls plexus-utils-3.0.10.jar There is a known CVE, known issue for plexus-utils-3.0.10.jar -> **CVE-2017-1000487** Would it be possible to help bump the version of plexus utils please? Thank you -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
