[
https://issues.apache.org/jira/browse/SLING-3262?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13836384#comment-13836384
]
Felix Meschberger commented on SLING-3262:
------------------------------------------
Updated jcr/davex and jcr/webdav projects to the latest production version of
the WebDAV and JCR Server libraries (2.6.4) in Rev. 1546935
(Also had to add JUnit test dependency to davex bundle)
> Upgrade embedded jackrabbit-jcr-server version in o.a.s.jcr.webdav
> ------------------------------------------------------------------
>
> Key: SLING-3262
> URL: https://issues.apache.org/jira/browse/SLING-3262
> Project: Sling
> Issue Type: Improvement
> Components: JCR
> Affects Versions: JCR Webdav 2.2.0, JCR DavEx 1.2.0
> Reporter: Jukka Zitting
> Fix For: JCR Webdav 2.2.2, JCR DavEx 1.2.2
>
>
> The WebDAV functionality in Jackrabbit has improved since the 2.4.4 version
> currently included in the o.a.s.jcr.webdav bundle. Most notably JCR-3630
> fixes an XSS issue that is still present in 2.4.4.
> It would thus be a good idea to upgrade the jackrabbit-jcr-server dependency
> to 2.4.5 (to get the JCR-3630 fix) or to 2.6.4 (for JCR-3630 and other
> fixes/improvements).
--
This message was sent by Atlassian JIRA
(v6.1#6144)
