[BLOSSOM-287] Only check CVEs for Spring framework dependencies Created: 15/Dec/21  Updated: 24/Mar/22  Resolved: 05/Jan/22

Status: Closed
Project: Blossom
Component/s: None
Affects Version/s: None
Fix Version/s: 3.5.0

Type: Task Priority: Neutral
Reporter: Federico Grilli Assignee: Federico Grilli
Resolution: Done Votes: 0
Labels: artt, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty

 Description   

See BUILD-611. In this case, log4j dependency comes transitively via Magnolia's bom/main and does not affect the blossom module itself directly.
Third-party libraries unrelated to Spring are already scanned for CVEs in dx-core and add-ons.


Generated at Sun Feb 11 23:31:59 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.