You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Robert Munteanu (Jira)" <ji...@apache.org> on 2022/02/07 15:42:00 UTC

[jira] [Resolved] (SLING-7626) disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions

     [ https://issues.apache.org/jira/browse/SLING-7626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Munteanu resolved SLING-7626.
------------------------------------
    Resolution: Not A Problem

No feedback in 3+ years, closing.

> disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-7626
>                 URL: https://issues.apache.org/jira/browse/SLING-7626
>             Project: Sling
>          Issue Type: Task
>    Affects Versions: Testing JCR Mock 1.3.2, Servlet Helpers 1.1.4, Testing Sling Mock 2.2.18
>            Reporter: Andy
>            Priority: Blocker
>
> There is a high security vulnerability from OWASP dependencies check scan affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Please update to Apache Sling Servlets Post 2.3.8.
> This is the Adobe fixes for reference, but the following modules need to address this
> https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html 
> org.apache.sling.servlet-helpers-1.1.4.jar
> org.apache.sling.testing.sling-mock-2.2.18.jar
> org.apache.sling.testing.jcr-mock-1.3.2.jar
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)