Hi, Hi,
1. When I try mvn clean install on trunk locally my sonatype IQ-Server prevents access to artifact <artifact>org.apache.jackrabbit:oak-run:1.6.2</artifact> referenced by https://github.com/apache/jackrabbit-oak/blob/trunk/oak-segment-tar/pom.xml 2. The artifact is affected by several security vulnerabilities: ---------------------------------------------------------------------- CVE-2012-4449 CVE-2016-1000031 CVE-2016-3086 CVE-2016-6814 CVE-2017-5929 CVE-2017-7657 CVE-2017-7658 CVE-2019-17571 CVE-2020-10683 CVE-2021-27905 CVE-2021-42392 CVE-2021-44548 CVE-2022-23221 CVE-2022-23305 CVE-2022-25168 sonatype-2018-0624 sonatype-2018-0859 ---------------------------------------------------------------------- 3. Using oak-run:1.22.15 satisfies the sonatype IQ-Server 4. Is is necessary to use a hard coded version? 5. Should i create an jira issue? Best regards Michael
