<![CDATA[Version matching / sorting fails for maven with string suffix]]>Hi,
for Versions, that have a string suffix, like "2.3.23.Final" the vulnerability matching doesn't work. Most probably the root cause is the failing sort. Regarding the improper sort, see attached screenshot.
Example regarding vulnerability matching:
PGV: https://security.inedo.com/vulnerability/details/PGV-2314320
io.undertow:undertow-core ≥ 2.3.0 & < 2.3.5.Final, < 2.2.24.Final
but even versions > 2.3.5.Final are still marked with severe (like the 2.3.23.Final).

image (1).png

Best regards

]]>https://forums.inedo.com/topic/5745/version-matching-sorting-fails-for-maven-with-string-suffixRSS for NodeFri, 08 May 2026 11:41:26 GMTFri, 08 May 2026 04:50:05 GMT60<![CDATA[Reply to Version matching / sorting fails for maven with string suffix on Fri, 08 May 2026 04:50:05 GMT]]>Hi,
for Versions, that have a string suffix, like "2.3.23.Final" the vulnerability matching doesn't work. Most probably the root cause is the failing sort. Regarding the improper sort, see attached screenshot.
Example regarding vulnerability matching:
PGV: https://security.inedo.com/vulnerability/details/PGV-2314320
io.undertow:undertow-core ≥ 2.3.0 & < 2.3.5.Final, < 2.2.24.Final
but even versions > 2.3.5.Final are still marked with severe (like the 2.3.23.Final).

image (1).png

Best regards

]]>https://forums.inedo.com/post/19651https://forums.inedo.com/post/19651Fri, 08 May 2026 04:50:05 GMT