[ https://issues.apache.org/jira/browse/SLING-9928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17237942#comment-17237942 ]
Akanksha Jain edited comment on SLING-9928 at 11/24/20, 8:05 AM: ----------------------------------------------------------------- [~cziegeler] Thank you for merging the PR. Can you please release this updated 'org.apache.sling.scripting.el-api'. was (Author: akanksha88): [~cziegeler] Can you please release this updated 'org.apache.sling.scripting.el-api'. > Sling el-api embeds vulnerable version of el-api > ------------------------------------------------ > > Key: SLING-9928 > URL: https://issues.apache.org/jira/browse/SLING-9928 > Project: Sling > Issue Type: Bug > Components: Scripting > Reporter: Akanksha Jain > Assignee: Carsten Ziegeler > Priority: Major > Fix For: Scripting EL API Wrapper 1.0.4 > > Time Spent: 0.5h > Remaining Estimate: 0h > > *Issue summary :* Security issues reported under org.apache.tomcat > *Vulnerabilities* > CVE-2014-7810 5.0 org.apache.tomcat : el-api : 6.0.14 > [https://nvd.nist.gov/vuln/detail/CVE-2014-7810] > el-api-6.0.14 is embedded by org.apache.sling.scripting.el-api. > Expected: Need to update el-api version in org.apache.sling.scripting.el-api. -- This message was sent by Atlassian Jira (v8.3.4#803005)