Should Maven Central artifacts containing known vulnerable artifacts be reported?
I have developed a tool that can find Maven Central JAR artifacts that contain classes from known vulnerable JAR artifacts. This includes but is not limited to fat (uber) JARs, JAR bundles, and artifacts tagged with the -all identifier.
In…