You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by "Konrad Windszus (Jira)" <ji...@apache.org> on 2022/06/24 13:42:00 UTC
[jira] [Created] (JCRVLT-640) RCP bundle: Get rid of Sling dependencies
Konrad Windszus created JCRVLT-640:
--------------------------------------
Summary: RCP bundle: Get rid of Sling dependencies
Key: JCRVLT-640
URL: https://issues.apache.org/jira/browse/JCRVLT-640
Project: Jackrabbit FileVault
Issue Type: Improvement
Reporter: Konrad Windszus
Assignee: Konrad Windszus
The RCP bundle should not depend on any Sling bundles. This would also fix the vulnerability issue currently detected in Sling API failing the build:
{code}
One or more dependencies were identified with known vulnerabilities in Apache Jackrabbit FileVault RCP Server Bundle:
org.apache.sling.api-2.16.4.jar (pkg:maven/org.apache.sling/org.apache.sling.api@2.16.4, cpe:2.3:a:apache:sling:2.16.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:sling_api:2.16.4:*:*:*:*:*:*:*) : CVE-2022-32549
{code}
(https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/detail/master/135/pipeline)
--
This message was sent by Atlassian Jira
(v8.20.7#820007)