Version matching / sorting fails for maven with string suffix
Hi,
For versions that have a string suffix, like "2.3.23.Final", the vulnerability matching doesn't work. Most probably the root cause is the failing sort. Regarding the improper sort, see attached screenshot.
Example regarding vulnerability matching:
PGV: https://security.inedo.com/vulnerability/details/PGV-2314320
io.undertow:undertow-core ≥ 2.3.0 & < 2.3.5.Final, < 2.2.24.Final
but even versions > 2.3.5.Final are still marked with severe (like the 2.3.23.Final).
Best regards
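
The ordering problem reported above, as an added illustration that is not part of the original post and is neither Inedo's nor Maven's code: a simplified numeric-aware comparator next to a plain string comparison, both checked against the two ranges as read from the advisory line quoted in the post. The function names are hypothetical, the qualifier handling is a reduced model of Maven's rules, and string comparison is shown only as one way the reported symptom can arise, not as a confirmed cause.

```python
import re

# Simplified model of Maven ordering (not the full ComparableVersion rules):
# numeric segments compare as integers; "Final", "GA" and "RELEASE" equal no qualifier.
RELEASE_ALIASES = {"", "final", "ga", "release"}
PRE_RELEASE = {"alpha": 1, "beta": 2, "milestone": 3, "rc": 4, "cr": 4, "snapshot": 5}
RELEASE, SERVICE_PACK, UNKNOWN = 6, 7, 8

# The two affected ranges as read from the advisory line quoted in the post:
# (inclusive lower bound or None, exclusive upper bound).
AFFECTED = [("2.3.0", "2.3.5.Final"), (None, "2.2.24.Final")]


def version_key(version):
    """Return a sortable key for versions shaped like '2.3.23.Final'."""
    numbers, qualifier = [], ""
    for token in re.split(r"[.-]", version.strip().lower()):
        if token.isdigit() and not qualifier:
            numbers.append(int(token))
        else:
            qualifier += token
    while numbers and numbers[-1] == 0:  # treat 2.3 and 2.3.0 as equal
        numbers.pop()
    name = qualifier.rstrip("0123456789")
    counter = int(qualifier[len(name):] or 0)  # the 2 in "rc2"
    if name in RELEASE_ALIASES:
        rank = RELEASE
    elif name == "sp":
        rank = SERVICE_PACK
    else:
        rank = PRE_RELEASE.get(name, UNKNOWN)
    return (tuple(numbers), rank, name if rank == UNKNOWN else "", counter)


def is_affected(version, ranges=AFFECTED):
    """Range check using numeric-aware ordering."""
    key = version_key(version)
    return any((low is None or version_key(low) <= key) and key < version_key(high)
               for low, high in ranges)


def naive_is_affected(version, ranges=AFFECTED):
    """Same check with plain string comparison, which misorders 23 and 5."""
    return any((low is None or low <= version) and version < high
               for low, high in ranges)


if __name__ == "__main__":
    for v in ["2.2.23.Final", "2.3.4.Final", "2.3.5.Final", "2.3.23.Final"]:
        print(v, "numeric:", is_affected(v), "string:", naive_is_affected(v))
```

With string comparison, "2.3.23.Final" sorts before "2.3.5.Final" and lands inside the first range, which matches the false positive described in the post.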