Description
Problem you have encountered: A Maven package has been upgraded to a fixed version (the vulnerability has multiple fixed versions, one per release branch), but it is still reported as vulnerable, which is a false positive. This is due to Artifact Analysis not adhering exactly to the Maven version order specification.
What you expected to happen: Once the fixed version is installed, the vulnerability should no longer appear in image scans.
Steps to reproduce: Take the Tomcat vulnerability CVE-2024-52317 as an example. Fixes are available in versions 9.0.96, 10.1.31, and 11.0.0, but Artifact Analysis marks the fix as available only from version 11.0.0 because the milestone version 11.0.0-M23 is not parsed correctly. Under the Maven version order specification, a milestone qualifier such as 11.0.0-M23 sorts before the 11.0.0 release.
Other information (workarounds you have tried, documentation consulted, etc.): If you have already applied the recommended fixes for the latest vulnerabilities, the images flagged for that package should not actually be affected; the finding is a false positive.
At this time the fix is still in progress; it will be complete when this bug is marked as Fixed.
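The version ordering this report relies on, as an added example that is not part of the issue or of Artifact Analysis: a simplified implementation of the Maven version-order qualifier rules (milestone sorts before release, trailing zeros and `ga` are insignificant, numbers outrank qualifiers, unknown qualifiers sort last), a digits-only comparator that misorders 11.0.0-M23, and a per-branch fixed check built from the three fixed versions named above. `FIXED_VERSIONS`, the branch-by-major.minor heuristic in `branch()` and `is_fixed_single_threshold()` are assumptions made for illustration, not Artifact Analysis logic; the flat comparator deliberately omits the hyphen-versus-dot sublist precedence of Maven's ComparableVersion.

```python
"""Maven version ordering applied to the CVE-2024-52317 fixed versions.

Added example; neither the reporter's code nor Artifact Analysis code. Flat,
simplified form of the Maven version-order spec; the branch table is
constructed from the versions named in the report, not from an advisory.
"""
import re
from functools import cmp_to_key

# Well-known qualifiers in Maven order; "" is the release (GA) qualifier.
QUALIFIERS = ["alpha", "beta", "milestone", "rc", "snapshot", "", "sp"]
ALIASES = {"cr": "rc", "ga": "", "final": "", "release": ""}
SHORTHAND = {"a": "alpha", "b": "beta", "m": "milestone"}  # only when a digit follows
TOKEN = re.compile(r"\d+|[a-z]+")

def tokenize(version):
    """Split on '.', '-' and letter/digit transitions; other characters are dropped."""
    items = []
    for part in re.split(r"[.-]", version.lower()):
        pieces = TOKEN.findall(part)  # alternating digit / letter runs
        for i, piece in enumerate(pieces):
            if piece.isdigit():
                items.append(int(piece))
            elif piece in SHORTHAND and i + 1 < len(pieces):
                items.append(SHORTHAND[piece])  # m23 -> milestone, 23
            else:
                items.append(ALIASES.get(piece, piece))
    # Trailing zeros and release qualifiers are insignificant: 1.0.0 == 1 == 1-ga
    while items and items[-1] in (0, ""):
        items.pop()
    return items

def qualifier_key(q):
    """Known qualifiers rank by position; unknown ones come after, lexically."""
    if q in QUALIFIERS:
        return (QUALIFIERS.index(q), "")
    return (len(QUALIFIERS), q)

def compare_items(a, b):
    """Order two items; None stands for a missing component (== release)."""
    if a is None and b is None:
        return 0
    if a is None:
        return -compare_items(b, a)
    if isinstance(a, int):
        if b is None:
            return 0 if a == 0 else 1
        if isinstance(b, int):
            return (a > b) - (a < b)
        return 1  # a number outranks any qualifier: 1.0.1 > 1.0-rc
    if isinstance(b, int):
        return -1
    ka, kb = qualifier_key(a), qualifier_key("" if b is None else b)
    return (ka > kb) - (ka < kb)

def compare_versions(v1, v2):
    """Return -1, 0 or 1 following the Maven version-order rules."""
    a, b = tokenize(v1), tokenize(v2)
    for i in range(max(len(a), len(b))):
        c = compare_items(a[i] if i < len(a) else None, b[i] if i < len(b) else None)
        if c:
            return c
    return 0

def sort_versions(versions):
    return sorted(versions, key=cmp_to_key(compare_versions))

def naive_compare(v1, v2):
    """Digits-only comparison: reads 11.0.0-M23 as 11.0.0.23, above the release."""
    n1 = tuple(int(x) for x in re.findall(r"\d+", v1))
    n2 = tuple(int(x) for x in re.findall(r"\d+", v2))
    return (n1 > n2) - (n1 < n2)

# Constructed from the fixed versions named in the report: one fix per branch.
FIXED_VERSIONS = ["9.0.96", "10.1.31", "11.0.0"]

def branch(version):
    """Release branch = first two numeric components (11.0.0-M23 -> (11, 0)); assumption."""
    return tuple(int(x) for x in re.findall(r"\d+", version)[:2])

def is_fixed(installed, fixed_versions=FIXED_VERSIONS):
    """Fixed iff installed >= the fix on its own branch; no fix on record -> not fixed."""
    for fix in fixed_versions:
        if branch(fix) == branch(installed):
            return compare_versions(installed, fix) >= 0
    return False

def is_fixed_single_threshold(installed, threshold="11.0.0"):
    """Collapsing all fixes to one threshold: every 9.x and 10.x build looks vulnerable."""
    return compare_versions(installed, threshold) >= 0

if __name__ == "__main__":
    for v in ["9.0.96", "10.1.30", "10.1.31", "11.0.0-M23", "11.0.0"]:
        print(f"{v:11} per-branch fixed={is_fixed(v)!s:5} "
              f"vs 11.0.0 only={is_fixed_single_threshold(v)}")
```

Run with `python3`: the per-branch check reports 10.1.31 and 9.0.96 as fixed and 11.0.0-M23 as not fixed, while the single-threshold check reports 10.1.31 as not fixed, which is the false positive the report describes. The digits-only comparator shows the other failure mode, ranking 11.0.0-M23 above 11.0.0.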