Hi SonaType Team
Our vuln scanner caught the recent finding for Shiro
https://nvd.nist.gov/vuln/detail/CVE-2022-40664
https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
Specifically, the following jars
/srv/nexus-3.38.0-01/system/org/apache/shiro/shiro-core/1.8.0/shiro-core-1.8.0.jar
/srv/nexus-3.38.0-01/system/org/apache/shiro/shiro-guice/1.8.0/shiro-guice-1.8.0.jar
/srv/nexus-3.38.0-01/system/org/apache/shiro/shiro-web/1.8.0/shiro-web-1.8.0.jar
When can we expect a build to resolve the finding?
Thanks