bkkothari2255 commented on PR #74: URL: https://github.com/apache/sling-org-apache-sling-distribution-core/pull/74#issuecomment-3985702830
> @kwin Is there a chance to enforce a hard dependency to at least Filevault 4.2.0, which has the Patch option removed? Because otherwise there is still the option to run this code with a filevault older than 4.2.0, and I would consider that as a security risk. > > (Because if there is no chance to do that, I would close this ticket and not implement it.) @joerghoh @kwin That makes total sense regarding the security risk on older FileVault versions. If you both agree it's the right path forward, I can bump the org.apache.jackrabbit.vault dependency version to 4.2.0 (or higher) in the pom.xml as part of this PR. The maven-bundle-plugin should then automatically generate the strict Import-Package range to enforce the hard dependency. Just let me know if you would like me to add that -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
