You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2022/06/24 13:42:00 UTC

[jira] [Created] (JCRVLT-640) RCP bundle: Get rid of Sling dependencies

Konrad Windszus created JCRVLT-640:
--------------------------------------

             Summary: RCP bundle: Get rid of Sling dependencies
                 Key: JCRVLT-640
                 URL: https://issues.apache.org/jira/browse/JCRVLT-640
             Project: Jackrabbit FileVault
          Issue Type: Improvement
            Reporter: Konrad Windszus
            Assignee: Konrad Windszus


The RCP bundle should not depend on any Sling bundles. This would also fix the vulnerability issue currently detected in Sling API failing the build: 

{code}
One or more dependencies were identified with known vulnerabilities in Apache Jackrabbit FileVault RCP Server Bundle:

org.apache.sling.api-2.16.4.jar (pkg:maven/org.apache.sling/org.apache.sling.api@2.16.4, cpe:2.3:a:apache:sling:2.16.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:sling_api:2.16.4:*:*:*:*:*:*:*) : CVE-2022-32549
{code}
(https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/detail/master/135/pipeline)






--
This message was sent by Atlassian Jira
(v8.20.7#820007)