[
https://issues.apache.org/jira/browse/SLING-12492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17898702#comment-17898702
]
Scott Yuan commented on SLING-12492:
------------------------------------
Hello! Upgrading the Maven dependencies org.apache.sling.api to version 2.27.6
and commons-io to version 2.17.0 appears to be an easy fix, with clean test
results. A pull request has been submitted to assist with this. Thank you!
> Apache Sling Scripting JavaScript 3.1.4 is affected by vulnerabilities
> CVE-2022-32549 and CVE-2021-29425.
> ---------------------------------------------------------------------------------------------------------
>
> Key: SLING-12492
> URL: https://issues.apache.org/jira/browse/SLING-12492
> Project: Sling
> Issue Type: Improvement
> Components: Scripting
> Affects Versions: Scripting JavaScript 3.1.4
> Reporter: Scott Yuan
> Priority: Minor
>
> The MVN Repository reports that the latest release, Apache Sling Scripting
> JavaScript 3.1.4, is affected by vulnerabilities CVE-2022-32549 and
> CVE-2021-29425 due to outdated dependencies. For more details, visit MVN
> Repository.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
