[
https://issues.apache.org/jira/browse/SLING-11305?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Yuri Simione updated SLING-11305:
---------------------------------
Description:
One of +the official Sling 12+ bundle, the *Apache Sling JCR Oak Server* ver
1.2.10 has some vulnerabilities originated by the Google Guava library. This
bundle has been updated in 2021 and all the dependency of the Guava library
removed [SLING-10029] Remove Guava dependency - ASF JIRA (apache.org). Although
the vulnerability has been resolved I request to create a new release of the
Apache Sling JCR Oak Server, to add the new release as one of the standard
components of the Sling 12 official release, updating the Sling 12 download
page as well.
The update is also important because the Apache Sling JCR Oak Server ver 1.2.10
is the latest release and because of the Google Guava dependency all the major
Sling projects, like the Apache Sling Starter, still need this library.
was:
One of +the official Sling 12+ bundle, the *Apache Sling JCR Oak Server* ver
1.2.10 has some vulnerabilities originated by the Google Guava library. This
bundle has been updated in 2021 and all the dependency of the Guava library
removed. I request to create a new release of the Apache Sling JCR Oak Server,
to add the new release as one of the standard components of the Sling 12
official release, updating the Sling 12 download page as well.
The update is also important because the Apache Sling JCR Oak Server ver 1.2.10
is the latest release and because of the Google Guava dependency all the major
Sling projects, like the Apache Sling Starter, still need this library.
> Request to create a new Apache Sling JCR Oak Server release
> -----------------------------------------------------------
>
> Key: SLING-11305
> URL: https://issues.apache.org/jira/browse/SLING-11305
> Project: Sling
> Issue Type: Improvement
> Components: Oak
> Affects Versions: Starter 12
> Reporter: Yuri Simione
> Priority: Major
> Fix For: JCR Oak Server 1.2.10
>
>
> One of +the official Sling 12+ bundle, the *Apache Sling JCR Oak Server* ver
> 1.2.10 has some vulnerabilities originated by the Google Guava library. This
> bundle has been updated in 2021 and all the dependency of the Guava library
> removed [SLING-10029] Remove Guava dependency - ASF JIRA (apache.org).
> Although the vulnerability has been resolved I request to create a new
> release of the Apache Sling JCR Oak Server, to add the new release as one of
> the standard components of the Sling 12 official release, updating the Sling
> 12 download page as well.
> The update is also important because the Apache Sling JCR Oak Server ver
> 1.2.10 is the latest release and because of the Google Guava dependency all
> the major Sling projects, like the Apache Sling Starter, still need this
> library.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
