[ https://issues.apache.org/jira/browse/SLING-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17620125#comment-17620125 ]
Robert Munteanu commented on SLING-11623:
-----------------------------------------

[~kwin] - we touch on the "update OSGi dependencies as needed" topic at https://cwiki.apache.org/confluence/display/SLING/Dependabot . I wrote that page, but I think it captures the consensus that we have.

We already get "false flag" security reports already, either in Sling or in downstream distributions which include our bundles. I think we should follow the implicit policy we have to keep the imports as relaxed as possible. If we want to change that, let's have a discussion on the dev list and start implementing it consistently. Doing different things for some bundles/dependencies will only make things more confusing.

> update commons text
> -------------------
>
> Key: SLING-11623
> URL: https://issues.apache.org/jira/browse/SLING-11623
> Project: Sling
> Issue Type: Improvement
> Components: Commons, Feature Model, Maven Plugins and Archetypes, XSS Protection API
> Affects Versions: XSS Protection API 2.3.0, slingfeature-maven-plugin 1.6.8, Feature Model Launcher 1.2.0, Rewriter 1.3.4
> Reporter: Joerg Hoh
> Assignee: Joerg Hoh
> Priority: Major
> Fix For: slingfeature-maven-plugin 1.6.10, Feature Model Launcher 1.2.2, Rewriter 1.3.6, XSS Protection API 2.3.2
>
> Time Spent: 40m
> Remaining Estimate: 0h
>

--
This message was sent by Atlassian Jira (v8.20.10#820010)