Extended document-info-with-pdf with additional fields. #175
An automation triggered a pipeline warning
Found 2 vulnerabilities. An additional 0 vulnerabilities have been marked as unaffected.
Output from Automations
4 rules were checked:
If a new dependency is added where the license risk is at least medium
then notify all users in the group admins and all users in the group users by email
✔️ The rule did not trigger. Manage rule
If a dependency contains a vulnerability which has not been marked as unaffected and which has not triggered this rule for this dependency before
then notify all users in the group users and all users in the group admins by email
✔️ The rule did not trigger. Manage rule
If there is a dependency where the license risk is at least high
then send a pipeline warning
| Dependency | Dependency Licenses |
|---|---|
| com.sun.xml.bind:jaxb-core (Maven) | CDDL-1.1, GPL-2.0-only, GPL-2.0-only WITH Classpath-exception-2.0 |
| com.sun.xml.bind:jaxb-impl (Maven) | CDDL-1.1, GPL-2.0-only, GPL-2.0-only WITH Classpath-exception-2.0 |
| javax.xml.bind:jaxb-api (Maven) | CDDL-1.0, CDDL-1.1, GPL-2.0-only, GPL-2.0-only WITH Classpath-exception-2.0 |
If a dependency contains a vulnerability which has not been marked as unaffected
then send a pipeline warning
| Vulnerability | CVSS2 | CVSS3 | Dependency | Dependency Licenses |
|---|---|---|---|---|
| CVE-2025-48924 | N/A | 5.3 | org.apache.commons:commons-lang3 (Maven) | Apache-2.0 |
| CVE-2025-68161 | N/A | N/A | org.apache.logging.log4j:log4j-core (Maven) | Apache-2.0 |