why we are using plexus-cipher-1.4.jar.
1. What is this component user for?
2. The requested version was released in 2009. The latest version was released in 2011. The team certainly had opportunity to use the latest version, why isn't it using the latest version?
This file is used in embedded maven for jbpm, but we have seen some security issues with this file. Is there any plan to upgrade to higher version. or can we exclude this jar dependency