[
https://issues.apache.org/jira/browse/SLING-11305?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17533554#comment-17533554
]
Eric Norman commented on SLING-11305:
-------------------------------------
[~artika4biz] I'm not against doing a new release of this bundle.
Unfortunately, I don't believe that doing that would accomplish your ultimate
goal. The distribution is likely going to still require whatever version of
guava that the oak bundles depend on due to OAK-7182
> Request to create a new Apache Sling JCR Oak Server release
> -----------------------------------------------------------
>
> Key: SLING-11305
> URL: https://issues.apache.org/jira/browse/SLING-11305
> Project: Sling
> Issue Type: Improvement
> Components: Oak
> Affects Versions: Starter 12
> Reporter: Yuri Simione
> Priority: Major
> Fix For: JCR Oak Server 1.2.10
>
>
> One of +the official Sling 12+ bundle, the *Apache Sling JCR Oak Server* ver
> 1.2.10 has some vulnerabilities originated by the Google Guava library. This
> bundle has been updated in 2021 and the dependency of the Guava library
> removed SLING-10029 Remove Guava dependency - ASF JIRA (apache.org). Although
> the vulnerability has been resolved I request to create a new release of the
> Apache Sling JCR Oak Server, to add the new release as one of the standard
> components of the Sling 12 official release, updating the Sling 12 download
> page as well.
> The update is important because the Apache Sling JCR Oak Server ver 1.2.10 is
> the latest release and because of the Google Guava dependency all the major
> Sling projects, like the Apache Sling Starter, still need this library.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
