You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BlackDuck scan reports vulnerabilities in the PCRE2 component. This component is reference by Microsoft.Azure.Cosmos.ServiceInterop.dll
The version of Microsoft.Azure.Cosmos.ServiceInterop.dll is 2.14
We are using Microsoft.Azure.Cosmos v3.43.0 NuGet Package.
According to discussion in this issue, the first two vulnerabilities don't apply as PCRE is not used with JIT enabled.
The version of PCRE2 being used is still 10.34. I have gotten this information from ThirdPartyNotice.txt on the Microsoft.Azure.Cosmos.Direct package as mentioned in above issue. Black Duck suggests that 10.44 doesn't have any vulnerabilities.
Can we get an update on the 3rd issue if the version of PCRE2 can't be upgraded?
The text was updated successfully, but these errors were encountered:
BlackDuck scan reports vulnerabilities in the PCRE2 component. This component is reference by Microsoft.Azure.Cosmos.ServiceInterop.dll
The version of Microsoft.Azure.Cosmos.ServiceInterop.dll is 2.14
We are using Microsoft.Azure.Cosmos v3.43.0 NuGet Package.
Below are the Black Duck issues reported:
According to discussion in this issue, the first two vulnerabilities don't apply as PCRE is not used with JIT enabled.
The version of PCRE2 being used is still 10.34. I have gotten this information from ThirdPartyNotice.txt on the Microsoft.Azure.Cosmos.Direct package as mentioned in above issue. Black Duck suggests that 10.44 doesn't have any vulnerabilities.
Can we get an update on the 3rd issue if the version of PCRE2 can't be upgraded?
The text was updated successfully, but these errors were encountered: