You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Oliver Lietz (Jira)" <ji...@apache.org> on 2022/05/09 09:10:00 UTC

[jira] [Assigned] (SLING-11305) Request to create a new Apache Sling JCR Oak Server release

     [ https://issues.apache.org/jira/browse/SLING-11305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oliver Lietz reassigned SLING-11305:
------------------------------------

    Assignee: Oliver Lietz

> Request to create a new Apache Sling JCR Oak Server release
> -----------------------------------------------------------
>
>                 Key: SLING-11305
>                 URL: https://issues.apache.org/jira/browse/SLING-11305
>             Project: Sling
>          Issue Type: Improvement
>          Components: Oak
>    Affects Versions: Starter 12
>            Reporter: Yuri Simione
>            Assignee: Oliver Lietz
>            Priority: Major
>
> One of +the official Sling 12+ bundle, the *Apache Sling JCR Oak Server* ver 1.2.10 has some vulnerabilities originated by the Google Guava library. This bundle has been updated in 2021 and the dependency of the Guava library removed SLING-10029 Remove Guava dependency - ASF JIRA (apache.org). Although the vulnerability has been resolved I request to create a new release of the Apache Sling JCR Oak Server, to add the new release as one of the standard components of the Sling 12 official release, updating the Sling 12 download page as well.
> The update is important because the Apache Sling JCR Oak Server ver 1.2.10 is the latest release and because of the Google Guava dependency all the major Sling projects, like the Apache Sling Starter, still need this library.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)