Uploaded image for project: 'Jackrabbit FileVault'
  1. Jackrabbit FileVault
  2. JCRVLT-640

RCP bundle: Get rid of some Sling dependencies

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.6.4
    • None
    • None

    Description

      The RCP bundle should not depend on any Sling bundles. This would also fix the vulnerability issue currently detected in Sling API failing the build: 

      One or more dependencies were identified with known vulnerabilities in Apache Jackrabbit FileVault RCP Server Bundle:

org.apache.sling.api-2.16.4.jar (pkg:maven/org.apache.sling/org.apache.sling.api@2.16.4, cpe:2.3:a:apache:sling:2.16.4:*:*:*:*:*:*:*, cpe:2.3:a:apache:sling_api:2.16.4:*:*:*:*:*:*:*) : CVE-2022-32549

      (https://ci-builds.apache.org/blue/organizations/jenkins/Jackrabbit%2Ffilevault/detail/master/135/pipeline)

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #232

          Activity

            People

              kwin Konrad Windszus
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: