Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Done
-
Starter 12
-
None
-
None
Description
One of the official Sling 12 bundle, the Apache Sling JCR Oak Server ver 1.2.10 has some vulnerabilities originated by the Google Guava library. This bundle has been updated in 2021 and the dependency of the Guava library removed SLING-10029 Remove Guava dependency - ASF JIRA (apache.org). Although the vulnerability has been resolved I request to create a new release of the Apache Sling JCR Oak Server, to add the new release as one of the standard components of the Sling 12 official release, updating the Sling 12 download page as well.
The update is important because the Apache Sling JCR Oak Server ver 1.2.10 is the latest release and because of the Google Guava dependency all the major Sling projects, like the Apache Sling Starter, still need this library.