[
https://issues.apache.org/jira/browse/JCRVLT-156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Julian Reschke updated JCRVLT-156:
----------------------------------
Description:
The pom currently references unstable releases of Jackrabbit and Oak. Is this
necessary?
Also, other dependencies should be reviewed as well. For instance,
commons-collections should be updated to 3.2.2 (see
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html)
was:
The pom currently references unstable releases of Jackrabbit and Oak. Is this
necessary?
Also, other dependencies should be reviewed as well. For instance,
commons-collections should be update to 3.2.2 (see
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html)
> Review dependencies
> -------------------
>
> Key: JCRVLT-156
> URL: https://issues.apache.org/jira/browse/JCRVLT-156
> Project: Jackrabbit FileVault
> Issue Type: Task
> Affects Versions: 3.1.36
> Reporter: Julian Reschke
>
> The pom currently references unstable releases of Jackrabbit and Oak. Is this
> necessary?
> Also, other dependencies should be reviewed as well. For instance,
> commons-collections should be updated to 3.2.2 (see
> https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-32731/version_id-187982/Apache-Commons-Collections-3.2.1.html)
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
