--
You received this message because you are subscribed to the Google Groups "Digital Curation" group.
To unsubscribe from this group and stop receiving emails from it, send an email to digital-curati...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/digital-curation/f2913c79-37fb-48e6-9b2d-6e079c3df22fn%40googlegroups.com.
--
Thanks, Chris and Kieran. I’m waiting to hear back on the results of the rescan since I updated the module. I suspected this might be a false-positive from the start and based on this and some other feedback, I’m almost certain. I’ll try to find out which tool they are using to identify the vulnerability and see if they can try to scan with another tool. I’ll report back with what I hear.
To view this discussion on the web visit https://groups.google.com/d/msgid/digital-curation/A6B10D69-0EFF-49A7-A5DA-34B845508A33%40improbable.org.
So, this turned out to be bagit-java (4.12.0). I forgot that back in 2017 I had pulled it down into a working directory that we no longer use on this server. No false-positive hits on bagit-python. Sorry for the false alarm!
Thanks,
Nathan
To view this discussion on the web visit https://groups.google.com/d/msgid/digital-curation/MN2PR02MB6911857199BB39518C8185BB8FC89%40MN2PR02MB6911.namprd02.prod.outlook.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/digital-curation/MN2PR02MB6911C69A191D276C67CCD6B58FCB9%40MN2PR02MB6911.namprd02.prod.outlook.com.