Chainguard's new CVE remediation capability gives Java shops a fourth option beyond exceptions, DIY backports, and disruptive upgrades — a drop-in fix that keeps scanners and auditors happy.