[jira] [Updated] (SLING-12331) Update sling maven plugins to maven 3.8.x

Dirk Rudolph (Jira) Wed, 29 May 2024 03:57:20 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-12331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dirk Rudolph updated SLING-12331:
---------------------------------
    Component/s: Maven Plugins and Archetypes

> Update sling maven plugins to maven 3.8.x
> -----------------------------------------
>
>                 Key: SLING-12331
>                 URL: https://issues.apache.org/jira/browse/SLING-12331
>             Project: Sling
>          Issue Type: Improvement
>          Components: Maven Plugins and Archetypes
>            Reporter: Dirk Rudolph
>            Priority: Major
>
> We recently got some security vulnerability reported related to maven-core, 
> which is a transitive dependency used in many / some of the sling maven 
> plugins. 
> While maven-core is always take from the maven installation in the current 
> version, the vulnerable jars are downloaded when using the plugins, and hence 
> found and reported by security scanners.
> We should update our maven plugins to use the 3.8.x version of maven at least.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (SLING-12331) Update sling maven plugins to maven 3.8.x

Reply via email to