Dependency check fails on CVE-2015-2944 for Sling Resource Merger 1.4.0

Failed to execute goal org.owasp:dependency-check-maven:5.3.0:check (check-dependencies-for-vulnerabilities) on project dependencies:

One or more dependencies were identified with vulnerabilities:

org.apache.sling.resourcemerger-1.4.0.jar: CVE-2015-2944

See the dependency-check report for more details.