Replies: 1 comment 3 replies
-
|
We believe that none of these vulnerabilities affect EJBCA. See previous post regarding WildFly 26. |
Beta Was this translation helpful? Give feedback.
-
|
On one side, we do a similar thing for the vulnerabilities. but not everyone has the same opinion. some of our stakeholders prefer as clean as possible for the vulnerabilities. |
Beta Was this translation helpful? Give feedback.
-
|
You are of course free to update things for your stake holders as fast as you need. we track CVEs for the dependencies under lib but sometimes it can take a while to be released if it doesn't affect EJBCA in a serious/relevant way If there is anything you find in EJBCA a PR would be appreciated. PRs will be attended to quickly. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for scanner report. We will make sure dependencies noted (nimbus-jose and primefaces) are updated for the next release. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
from the trivy scan, there are some critical vulnerabilities linked to ejbca 8 and wildfly 26.
would you treat these vulnerabilities soon? wildfly 26 is a little bit out of date too.
I attached the result.
Thank you in advance!
EJBCA-CE from docker.io - offici_eeed67af64f54910af2d0c05947ab53f-250124-1453-210.pdf
Best regards,
Yi SONG
Beta Was this translation helpful? Give feedback.
All reactions