[
https://issues.apache.org/jira/browse/JCRVLT-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus closed JCRVLT-640.
----------------------------------
> RCP bundle: Get rid of some Sling dependencies
> ----------------------------------------------
>
> Key: JCRVLT-640
> URL: https://issues.apache.org/jira/browse/JCRVLT-640
> Project: Jackrabbit FileVault
> Issue Type: Improvement
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
> Fix For: 3.6.4
>
>
> The RCP bundle should not depend on any Sling bundles. This would also fix
> the vulnerability issue currently detected in Sling API failing the build:
> {code}
> One or more dependencies were identified with known vulnerabilities in Apache
> Jackrabbit FileVault RCP Server Bundle:
> org.apache.sling.api-2.16.4.jar
> (pkg:maven/org.apache.sling/[email protected],
> cpe:2.3:a:apache:sling:2.16.4:*:*:*:*:*:*:*,
> cpe:2.3:a:apache:sling_api:2.16.4:*:*:*:*:*:*:*) : CVE-2022-32549
> {code}
> (https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/detail/master/135/pipeline)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
