You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Andy (JIRA)" <ji...@apache.org> on 2018/04/27 19:56:00 UTC

[jira] [Created] (SLING-7626) disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions

Andy created SLING-7626:
---------------------------

             Summary: disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions
                 Key: SLING-7626
                 URL: https://issues.apache.org/jira/browse/SLING-7626
             Project: Sling
          Issue Type: Task
    Affects Versions: Testing Sling Mock 2.2.18, Servlet Helpers 1.1.4, Testing JCR Mock 1.3.2
            Reporter: Andy


There is a high security vulnerability from OWASP dependencies check scan affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Please update to Apache Sling Servlets Post 2.3.8.

This is the Adobe fixes for reference, but the following modules need to address this

https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html 

org.apache.sling.servlet-helpers-1.1.4.jar|

org.apache.sling.testing.sling-mock-2.2.18.jar

org.apache.sling.testing.jcr-mock-1.3.2.jar

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)