...
November 14, 2024
FLEXDEPLOY-13546 - FlexDeploy ships with a version of False Positive - A security scanner indicated that nimbus-jose-jwt that is 9.37.2 was vulnerable to CVE-2023-52428. This will be addressed in a future FlexDeploy versionwas a false positive. It is possible that your scanner may find the same result, but it is incorrect. 9.37.2 was the version that had the fix for this CVE.
FLEXDEPLOY-13547 - FlexDeploy ships with a version of commons-io that is vulnerable to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47554. This will be addressed in a future FlexDeploy version.
...