Hi,
When I checked Apache OFBiz
https://ofbiz.apache.org/ Dependency Check did not return CVE-2014-0107
Since I fixed the issue at
https://issues.apache.org/jira/browse/OFBIZ-6905 if you want to check this by yourself you not only need to checkout OFBiz
trunk
svn co
http://svn.apache.org/repos/asf/ofbiz/trunkbut also revert r1730882
svn merge -c -1730882
https://svn.apache.org/repos/asf/ofbiz/trunkI just did that and attach the resulting dependency-check-report.html zipped
I have also created a page in our wiki where I explain how to use Dependency Check in our project. I put an up to date suppress file there.
Thanks for this great tool and your help.
Jacques
Locked
