Open
Description
This is related to "Report only those fixed versions that are greater than the affected version" #1228.
The question:
Do we want to display/report the most relevant/best fixed by version -- however we define "relevant"/"best" -- or do we also want to check whether that version has any vulnerabilities of its own and display/report only a vulnerability-free fixed by version? The way we currently define fixed by and organize the data in the DB, there are instances where all of the fixed by versions have vulnerabilities of their own -- none has 0 vulnerabilities.