Kudos to your security team for scanning, and thank you for raising and reporting this! I like Jan’s suggestion for a more immediate solution. I am wondering however, is this a false positive or is this actually malware? Is there any way to further track this down? @Alison_Park - I don’t know if your security team is willing to share what they used to scan the JAR, but I think it would be helpful to have that information to track down if this is a real concern or not (seems more likely to be a false positive, but always better to confirm). I’m happy to do some digging, unless someone already has the answer.