[jira] [Created] (JCRVLT-640) RCP bundle: Get rid of Sling dependencies

Konrad Windszus (Jira) Fri, 24 Jun 2022 06:42:17 -0700

Konrad Windszus created JCRVLT-640:
--------------------------------------

             Summary: RCP bundle: Get rid of Sling dependencies
                 Key: JCRVLT-640
                 URL: https://issues.apache.org/jira/browse/JCRVLT-640
             Project: Jackrabbit FileVault
          Issue Type: Improvement
            Reporter: Konrad Windszus
            Assignee: Konrad Windszus



The RCP bundle should not depend on any Sling bundles. This would also fix the 
vulnerability issue currently detected in Sling API failing the build: 

{code}
One or more dependencies were identified with known vulnerabilities in Apache 
Jackrabbit FileVault RCP Server Bundle:

org.apache.sling.api-2.16.4.jar 
(pkg:maven/org.apache.sling/[email protected], 
cpe:2.3:a:apache:sling:2.16.4:*:*:*:*:*:*:*, 
cpe:2.3:a:apache:sling_api:2.16.4:*:*:*:*:*:*:*) : CVE-2022-32549
{code}
(https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/detail/master/135/pipeline)






--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Created] (JCRVLT-640) RCP bundle: Get rid of Sling dependencies

Reply via email to