KemalSoysal commented on PR #28: URL: https://github.com/apache/maven-deploy-plugin/pull/28#issuecomment-1559092588
> Not sure what CVEs has to do with anything. We absolutely do **NOT** want to address CVEs with the same pom.xml. A fix for a CVE should and MUST have a new version so it can be clearly distinguished which version is in use and whether it's vulnerable or not. Well, how do you want to mark a CVE in the original problematic coordinate? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org