Jgraph vulnarabilities

Currently flowable-bpmn-layout depends on org.tinyjee.jgraphx:jgraphx:1.10.4.1. This version is 10 years old. but even with newer one where is known vulnerability CVE-2017-18197. jgraphx looks like not maintained at all.

Is there any plans to migrate to something else or remove flowable-bpmn-layout at all?