[SLING-11305] Request to create a new Apache Sling JCR Oak Server release - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Done
Affects Version/s: Starter 12
Fix Version/s: None
Component/s: Oak
Labels:
None

Description

One of the official Sling 12 bundle, the Apache Sling JCR Oak Server ver 1.2.10 has some vulnerabilities originated by the Google Guava library. This bundle has been updated in 2021 and the dependency of the Guava library removed ~~SLING-10029~~ Remove Guava dependency - ASF JIRA (apache.org). Although the vulnerability has been resolved I request to create a new release of the Apache Sling JCR Oak Server, to add the new release as one of the standard components of the Sling 12 official release, updating the Sling 12 download page as well.

The update is important because the Apache Sling JCR Oak Server ver 1.2.10 is the latest release and because of the Google Guava dependency all the major Sling projects, like the Apache Sling Starter, still need this library.

Attachments

Activity

People

Assignee:: Oliver Lietz

Reporter:: Yuri Simione

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 08/May/22 16:35

Updated:: 19/May/22 12:00

Resolved:: 19/May/22 12:00