[
https://issues.apache.org/jira/browse/SLING-3262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13836374#comment-13836374
]
Jukka Zitting commented on SLING-3262:
--------------------------------------
bq. Are there any compatibility constraints related to upgrading from
Jackrabbit WebDAV and Jackrabbit JCR Server 2.4.4 to the 2.6.4 versions ?
No. The WebDAV component is fully binary-compatible (verified with clirr) and
there are no major changes in JCR Server either (it doesn't export any
packages, so the upgrade should be fine as long as o.a.s.jcr.webdav compiles).
The WebDAV interface exposed by JCR Server should be fully backwards compatible.
> Upgrade embedded jackrabbit-jcr-server version in o.a.s.jcr.webdav
> ------------------------------------------------------------------
>
> Key: SLING-3262
> URL: https://issues.apache.org/jira/browse/SLING-3262
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR Webdav 2.2.0, JCR DavEx 1.2.0
> Reporter: Jukka Zitting
> Fix For: JCR Webdav 2.2.2, JCR DavEx 1.2.2
>
>
> The WebDAV functionality in Jackrabbit has improved since the 2.4.4 version
> currently included in the o.a.s.jcr.webdav bundle. Most notably JCR-3630
> fixes an XSS issue that is still present in 2.4.4.
> It would thus be a good idea to upgrade the jackrabbit-jcr-server dependency
> to 2.4.5 (to get the JCR-3630 fix) or to 2.6.4 (for JCR-3630 and other
> fixes/improvements).
--
This message was sent by Atlassian JIRA
(v6.1#6144)
