Describe the bug
quickfixj-core:3.0.0 depends on mina-core:2.2.4 which is affected by two CVEs: CVE-2026-41635 and CVE-2026-41409.
I saw Christoph's comment in #1203 regarding one of these CVE's but the IT security divisions of many organizations, including ours, do not really care if things are used or not. We are subject to automated scans of all deployed software with vulnerabilities automatically detected. If they detect a CVE it gets automatically flagged.
To Reproduce
n/a
Expected behavior
0 CVE vulnerabilites in mina-core version
system information:
n/a
Additional context
n/a
Describe the bug
quickfixj-core:3.0.0 depends on mina-core:2.2.4 which is affected by two CVEs: CVE-2026-41635 and CVE-2026-41409.
I saw Christoph's comment in #1203 regarding one of these CVE's but the IT security divisions of many organizations, including ours, do not really care if things are used or not. We are subject to automated scans of all deployed software with vulnerabilities automatically detected. If they detect a CVE it gets automatically flagged.
To Reproduce
n/a
Expected behavior
0 CVE vulnerabilites in mina-core version
system information:
n/a
Additional context
n/a