This was resolved with RESTEASY-2843
 and will be included
in 3.15.2. However it's not a critical CVE and it's has an easy workaround
of using an ExceptionMapper or another way of not having endpoints return
the raw exception.
On Tue, Apr 27, 2021 at 3:42 AM Aishwarya soma <aishsoma555(a)gmail.com>
our sonatype scan reported below vulnerability for RestEasy jaxrs
Final.CVE-2021-20289 when will be a new version release with this fix.
resteasy-dev mailing list -- resteasy-dev(a)lists.jboss.org
To unsubscribe send an email to resteasy-dev-leave(a)lists.jboss.org
James R. Perkins
JBoss by Red Hat