Removed an unused SSH reference mistakenly flagged as a vulnerability.

Text files containing literals that reference a package version number do not pose a security problem if they are not actually used as a dependency. Such references are harmless and do not impact the security of the project. QSAs can verify the actual dependencies used by the jPOS project by examining the MANIFEST.MF file of the top-level JAR. Only the dependencies listed there are part of the classloader. Any references not included in the MANIFEST.MF are not loaded and thus do not affect the project.
jpos · Aug 26, 2024 · 53b8762 · 53b8762
1 parent f510263
commit 53b8762
Showing 1 changed file with 0 additions and 3 deletions.
diff --git a/libraries.gradle b/libraries.gradle
@@ -75,9 +75,6 @@ ext {
             //Mail
             javax_mail: 'javax.mail:javax.mail-api:1.6.2',
 
-            //SSHD
-            sshd: 'org.apache.sshd:sshd-core:2.13.2',
-
             //Servlet API
             servlet_api: "javax.servlet:javax.servlet-api:${servletApiVersion}",