CVE

[martijndebruijn]

I'm using netty version 2.0.50.Final (currently the latest version). However the OWASP check fails due to multiple CVE issues.
Some of the issues are quite old. Are these CVE issues under investigation?

[ERROR] One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '7,0':
[ERROR]
[ERROR] netty-tcnative-boringssl-static-2.0.50.Final-linux-x86_64.jar: CVE-2015-1346, CVE-2011-1797, CVE-2017-7000, CVE-2015-1205
[ERROR] netty-tcnative-classes-2.0.50.Final.jar: CVE-2019-16869, CVE-2015-2156, CVE-2021-37136, CVE-2021-37137, CVE-2019-20445, CVE-2019-20444

[normanmaurer]

@martijndebruijn netty-tcnative-classes has no dependencies on netty itself so I think the OWASP check has a bug ?