Our security scanner reports lib org.apache.velocity_velocity which is used in your sources as vulnerable.
This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
CVE Description: NVD - cve-2020-13936
Package: search-guard-7/velocity-1.7.jar
Affected Versions: up to 2.2
Could you please update library version to fix this issue, or confirm that you don’t allow users to upload/modify velocity templates at all.