fix: update Bottin repository link in README.md #7
23 new problems found by Qodana for JVM
Qodana for JVM
23 new problems were found
| Inspection name | Severity | Problems |
|---|---|---|
Vulnerable declared dependency |
🔶 Warning | 3 |
Mismatched query and update of collection |
🔶 Warning | 1 |
Vulnerable declared dependency |
◽️ Notice | 19 |
☁️ View the detailed Qodana report
Detected 74 dependencies
Third-party software list
This page lists the third-party software dependencies used in project
| Dependency | Version | Licenses |
|---|---|---|
| annotations | 13.0 | Apache-2.0 |
| aspectjweaver | 1.9.25.1 | BSD-3-Clause |
| bcprov-jdk18on | 1.81 | MIT |
| byte-buddy | 1.17.8 | Apache-2.0 |
| commons-lang3 | 3.17.0 | Apache-2.0 |
| commons-math3 | 3.6.1 | Apache-2.0 |
| commons-text | 1.12.0 | Apache-2.0 |
| hdrhistogram | 2.2.2 | BSD-2-Clause |
| jackson-annotations | 2.17.0 | Apache-2.0 |
| jackson-core | 2.17.0 | Apache-2.0 |
| jackson-databind | 2.17.0 | Apache-2.0 |
| jackson-datatype-jdk8 | 2.17.0 | Apache-2.0 |
| jackson-datatype-jsr310 | 2.17.0 | Apache-2.0 |
| jackson-module-blackbird | 2.17.0 | BSD-3-CLAUSE-NO-TRADEMARK |
| jackson-module-parameter-names | 2.17.0 | Apache-2.0 |
| jakarta.annotation-api | 2.1.1 | Classpath-exception-2.0 EPL-2.0 GPL-2.0-only |
| jmh-core | 1.37 | GPL-2.0-only ORACLE-OPENJDK-EXCEPTION-2.0 |
| jmh-generator-annprocess | 1.37 | GPL-2.0-only ORACLE-OPENJDK-EXCEPTION-2.0 |
| jopt-simple | 5.0.4 | MIT |
| jul-to-slf4j | 2.0.17 | MIT |
| kotlin-stdlib-common | 1.9.25 | Apache-2.0 |
| kotlin-stdlib-jdk7 | 1.9.25 | Apache-2.0 |
| kotlin-stdlib-jdk8 | 1.9.25 | Apache-2.0 |
| kotlin-stdlib | 1.9.25 | Apache-2.0 |
| latencyutils | 2.0.3 | CC0-1.0 |
| log4j-api | 2.24.3 | Apache-2.0 |
| log4j-to-slf4j | 2.24.3 | Apache-2.0 |
| logback-classic | 1.5.15 | EPL-1.0 LGPL-2.0-or-later |
| logback-core | 1.5.15 | EPL-1.0 LGPL-2.0-or-later |
| lombok | 1.18.32 | BSD-3-CLAUSE-NO-TRADEMARK MIT |
| micrometer-commons | 1.14.3 | Apache-2.0 |
| micrometer-core | 1.14.3 | Apache-2.0 |
| micrometer-jakarta9 | 1.14.3 | Apache-2.0 |
| micrometer-observation | 1.14.3 | Apache-2.0 |
| nostr-java-api | 1.2.0 | MIT |
| nostr-java-base | 1.2.0 | MIT |
| nostr-java-client | 1.2.0 | MIT |
| nostr-java-crypto | 1.2.0 | MIT |
| nostr-java-encryption | 1.2.0 | MIT |
| nostr-java-event | 1.2.0 | MIT |
| nostr-java-id | 1.2.0 | MIT |
| nostr-java-util | 1.2.0 | MIT |
| okhttp | 4.12.0 | Apache-2.0 |
| okio-jvm | 3.6.0 | Apache-2.0 |
| okio | 3.6.0 | Apache-2.0 |
| slf4j-api | 2.0.12 | MIT |
| snakeyaml | 2.4 | Apache-2.0 |
| spring-aop | 6.2.15 | Apache-2.0 |
| spring-aspects | 6.2.15 | Apache-2.0 |
| spring-beans | 6.2.15 | Apache-2.0 |
| spring-boot-actuator-autoconfigure | 3.5.9 | Apache-2.0 |
| spring-boot-actuator | 3.5.9 | Apache-2.0 |
| spring-boot-autoconfigure | 3.5.9 | Apache-2.0 |
| spring-boot-configuration-processor | 3.5.9 | Apache-2.0 |
| spring-boot-starter-actuator | 3.5.9 | Apache-2.0 |
| spring-boot-starter-json | 3.5.9 | Apache-2.0 |
| spring-boot-starter-logging | 3.5.9 | Apache-2.0 |
| spring-boot-starter-tomcat | 3.5.9 | Apache-2.0 |
| spring-boot-starter-web | 3.5.9 | Apache-2.0 |
| spring-boot-starter-websocket | 3.5.9 | Apache-2.0 |
| spring-boot-starter | 3.5.9 | Apache-2.0 |
| spring-boot | 3.5.9 | Apache-2.0 |
| spring-context | 6.2.15 | Apache-2.0 |
| spring-core | 6.2.15 | Apache-2.0 |
| spring-expression | 6.2.15 | Apache-2.0 |
| spring-jcl | 6.2.15 | Apache-2.0 |
| spring-messaging | 6.2.15 | Apache-2.0 |
| spring-retry | 2.0.12 | Apache-2.0 |
| spring-web | 6.2.15 | Apache-2.0 |
| spring-webmvc | 6.2.15 | Apache-2.0 |
| spring-websocket | 6.2.15 | Apache-2.0 |
| tomcat-embed-core | 10.1.50 | Apache-2.0 CDDL-1.0 PROPRIETARY-LICENSE |
| tomcat-embed-el | 10.1.50 | Apache-2.0 |
| tomcat-embed-websocket | 10.1.50 | Apache-2.0 |
Contact Qodana team
Contact us at qodana-support@jetbrains.com
- Or via our issue tracker: https://jb.gg/qodana-issue
- Or share your feedback: https://jb.gg/qodana-discussions
Details
This result was published with Qodana GitHub Action
Annotations
github-actions / Qodana for JVM
Mismatched query and update of collection
Contents of collection `headers` are updated, but never queried
Check notice on line 92 in nsecbunker-tests/nsecbunker-security/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 22 in nsecbunker-admin/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 32 in nsecbunker-protocol/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 19 in nsecbunker-tests/nsecbunker-security/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 92 in nsecbunker-tests/nsecbunker-perf/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 66 in nsecbunker-tests/nsecbunker-it/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 54 in nsecbunker-tests/nsecbunker-e2e/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 28 in nsecbunker-connection/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 49 in nsecbunker-tests/nsecbunker-perf/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 22 in nsecbunker-spring-boot-starter/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 76 in nsecbunker-tests/nsecbunker-e2e/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 25 in nsecbunker-tests/nsecbunker-it/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 78 in nsecbunker-tests/nsecbunker-chaos/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 22 in nsecbunker-monitoring/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 36 in nsecbunker-client/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check warning on line 112 in nsecbunker-tests/nsecbunker-e2e/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0
* [CVE-2024-25710](https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains) 8.1 Loop with Unreachable Exit Condition ('Infinite Loop')
* [CVE-2024-26308](https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains) 5.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check warning on line 51 in nsecbunker-tests/nsecbunker-it/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0
* [CVE-2024-25710](https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains) 8.1 Loop with Unreachable Exit Condition ('Infinite Loop')
* [CVE-2024-26308](https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains) 5.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check warning on line 118 in nsecbunker-tests/nsecbunker-perf/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-compress:1.24.0
* [CVE-2024-25710](https://www.mend.io/vulnerability-database/CVE-2024-25710?utm_source=JetBrains) 8.1 Loop with Unreachable Exit Condition ('Infinite Loop')
* [CVE-2024-26308](https://www.mend.io/vulnerability-database/CVE-2024-26308?utm_source=JetBrains) 5.5 Allocation of Resources Without Limits or Throttling
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 44 in nsecbunker-tests/nsecbunker-chaos/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 40 in nsecbunker-spring-boot-starter/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 22 in nsecbunker-core/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
Check notice on line 22 in nsecbunker-account/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:org.apache.commons:commons-lang3:3.17.0
* [CVE-2025-48924](https://www.mend.io/vulnerability-database/CVE-2025-48924?utm_source=Jetbrains) 5.3 Insufficient Information
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)
github-actions / Qodana for JVM
Mismatched query and update of collection
Contents of collection `headers` are updated, but never queried
Check notice on line 92 in nsecbunker-tests/nsecbunker-security/pom.xml
github-actions / Qodana for JVM
Vulnerable declared dependency
Provides transitive vulnerable dependency maven:ch.qos.logback:logback-core:1.5.15
* [CVE-2025-11226](https://www.mend.io/vulnerability-database/CVE-2025-11226?utm_source=JetBrains) 6.9 Conditional processing of logback.xml configuration file, in conjuction with Spring Framework and Janino
Results powered by [Mend.io](https://www.mend.io/jetbrains-lp/?utm_source=JetBrains)