[jbosstools-issues] [JBoss JIRA] (JBDS-4613) Reduce CVE vulnerabilities in devstudio 11.2
Nick Boldt (JIRA)
issues at jboss.org
Fri Dec 8 11:04:01 EST 2017
[ https://issues.jboss.org/browse/JBDS-4613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13503536#comment-13503536 ]
Nick Boldt commented on JBDS-4613:
----------------------------------
[~jeffmaury] please respond to my question. Constantly slipping this out each sprint suggests that we don't actually want to address this. If that's the case, then please just close as WONTFIX.
> Reduce CVE vulnerabilities in devstudio 11.2
> --------------------------------------------
>
> Key: JBDS-4613
> URL: https://issues.jboss.org/browse/JBDS-4613
> Project: Red Hat JBoss Developer Studio (devstudio)
> Issue Type: Epic
> Components: 3rd-party-certification, 3rd-party-dependencies, upstream
> Affects Versions: 11.1.0.GA
> Reporter: Nick Boldt
> Assignee: Jeff MAURY
> Fix For: 11.2.0.AM3
>
>
> The list of CVE vulnerabilities has been steadily increasing in both 3rd party deps and even some org.jboss.tools plugins since Jan 2017.
> Is it time to do something about this, or should we just keep logging the volume of problems?
> https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report/lastBuild/dependency-check-jenkins-pluginResult/ - *2658 warnings*
> https://dev-platform-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/Devstudio/view/jbosstools-releng/job/devstudio.cve.report-merged/lastBuild/dependency-check-jenkins-pluginResult/ - *1508 warnings*
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jbosstools-issues
mailing list