The version of the javassist library used by the project (an indirect dependency that comes in through the Jersey client) has a serious vulnerability that has been addressed in newer versions. While this can be overridden by downstream consumers of SJC, it would be better if SJC forced a newer version so that downstream consumers don't have to.

Here is an example of how that can be done.

Moving this issue over to symphony-java-api, where it belongs.

See symphonyoss/symphony-java-api#3