weixin_39626745
weixin_39626745
2021-01-07 03:17

Apache OFBiz and Apache Tomcat 8.0.33

I use OWASP Dependency Check to check OFBiz 3rd parties libs. We use Tomcat embedded in OFBiz. When I recently upgraded to Tomcat 8.0.33 (from 7.0.68) I found that all Tomcat libs we use needed 2 or 3 suppressions. Please see the link ("Here is the last suppress file") to our suppress.xml file at https://cwiki.apache.org/confluence/display/OFBIZ/About+OWASP+Dependency+Check.

Would there be a way to avoid that, with only one suppression for the whole Tomcat libs for instance?

Thanks!

该提问来源于开源项目:jeremylong/DependencyCheck

  • 点赞
  • 回答
  • 收藏
  • 复制链接分享

6条回答

为你推荐