You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you look at pom.xml you'll see that the CVEs you mention apply to libraries that are not required to use the library itself. One of the CVEs applies to JUnit which is used when running unit tests, the other is used when running the demos. Neither of them need to be on the runtime class path. If, in using the library, you want to use logback, you could use any later version, since Tnm4j integrates logging through slf4j rather than using logback directly.
That said, neither of these vulnerabilities is particularly difficult to fix (just version bumps to later versions). I just updated master to use a later version of the parent POM which should version bump those dependencies to versions that aren't vulnerable to those CVEs.
See https://mvnrepository.com/artifact/org.soulwing.snmp/tnm4j/1.1.1
The text was updated successfully, but these errors were encountered: