Introduced in version 2.6 (released August 2021)
We introduced a new feature called Java Libraries. Now ACR reviews the user libraries in your application against known vulnerabilities. This rule reports vulnerabilities above a configurable level as violations. By default, all vulnerabilities classified as high or critical are reported as violations.
You find more information on the actual security vulnerability in our Java libraries feature:
