Bug
Resolution: Not A Defect
Minor
None
Jenkins v2.401.3 from docker container
Hi,
I'm trying to build a custom (a few additional plugins) container image from the one published on GitHub. A requirement that I have is that the container + application passes a security scan (using trivy in this case), meaning there should not be any fixed security issues in either.
While scanning the jenkins.war file the below CVEs are reported:
- CVE-2023-2976
- CVE-2023-20862
- CVE-2016-1000027
I understand these are all related to dependencies and don't need to be fixed by the Jenkins team; I'm just wondering if it's something you are aware of and that will be fixed in a future release, or if it's something not relevant to Jenkins at all.
(Apologies if there's something very wrong in this, it's my first issue)