You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What would you like to be added:
Maven packages seems to completely miss deprecation and end-of-life status. An example here is log4j 1.x, that shows no deprecated versions https://www.xeol.io/explorer/package/Maven/log4j%3Alog4j. Randomly checking it seems Maven packages do not have this correctly recorded, but also I could not find a way to reliable get this from mvnrepository. However, it is correctly recorded on endoflife.date, but that API does not have pURL support currently.
So I assume based on this I would start a brainstorm thread here on how to solve it, I would even contribute code if someone has an idea.
Why is this needed:
Almost missed log4j-1.2.17.jar. Xeol does not report it, trivy says "affected" status and grype says "not-fixed" which are often filtered/ignored in productions where scaling is needed
The text was updated successfully, but these errors were encountered:
What would you like to be added:
Maven packages seems to completely miss deprecation and end-of-life status. An example here is log4j 1.x, that shows no deprecated versions https://www.xeol.io/explorer/package/Maven/log4j%3Alog4j. Randomly checking it seems Maven packages do not have this correctly recorded, but also I could not find a way to reliable get this from mvnrepository. However, it is correctly recorded on endoflife.date, but that API does not have pURL support currently.
So I assume based on this I would start a brainstorm thread here on how to solve it, I would even contribute code if someone has an idea.
Why is this needed:
Almost missed log4j-1.2.17.jar. Xeol does not report it, trivy says "affected" status and grype says "not-fixed" which are often filtered/ignored in productions where scaling is needed
The text was updated successfully, but these errors were encountered: