Status
Justification
Impact
The affected component's suffix is non-standard for Maven parsing. It supports "." as a delimiter, but treats jre11 as an unknown qualifier that sorts after known ones (alpha, beta, rc, ga, etc.), which breaks version matching. This vulnerability was resolved in flyway 11.16.0 and above[1]. [1] https://documentation.red-gate.com/flyway/release-notes-and-older-versions/release-notes-for-flyway-engine
Status
Status
Fixed version
11.15.0-r1Status
Justification
Impact
We updated to mssql-jdbc-12.10.2.jre11 which is a fixed version, but the version string matching doesn't seem to work well with the .jre11 suffix.
Status