  1. SonarABAP
  2. SONARABAP-421

Remove SCA vulnerability noise by upgrading Guava and commons-io


    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.8
    • Fix Version/s: 3.9
    • Component/s: Plugin
    • Labels:
      None
    • Estimate:
      Minutes

      Description

      The ABAP plugin bundles two dependencies with vulnerabilities referenced in NVD:

      These vulnerabilities are not exploitable but raise false positives in security audits. Upgrading to Guava 24.1.1+ and commons-io 2.8.0+ will kill the noise.

      See https://discuss.sonarsource.com/t/potential-vulnerabilities-in-the-dependencies-bundled-with-analyzers/4956/7

            People

            Assignee:
            pavel.mikula Pavel Mikula
            Reporter:
            simon.brandhof Simon Brandhof (Inactive)
            Votes:
            0
            Watchers:
            1
