[jira] [Comment Edited] (SLING-9928) Sling el-api embeds vulnerable version of el-api

Akanksha Jain (Jira) Tue, 24 Nov 2020 00:06:03 -0800


    [ 
https://issues.apache.org/jira/browse/SLING-9928?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17237942#comment-17237942
 ]


Akanksha Jain edited comment on SLING-9928 at 11/24/20, 8:05 AM:
-----------------------------------------------------------------

[~cziegeler]  Thank you for merging the PR.

Can you please release this updated 'org.apache.sling.scripting.el-api'.


was (Author: akanksha88):
[~cziegeler] Can you please release this updated 
'org.apache.sling.scripting.el-api'.

> Sling el-api embeds vulnerable version of el-api
> ------------------------------------------------
>
>                 Key: SLING-9928
>                 URL: https://issues.apache.org/jira/browse/SLING-9928
>             Project: Sling
>          Issue Type: Bug
>          Components: Scripting
>            Reporter: Akanksha Jain
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: Scripting EL API Wrapper 1.0.4
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> *Issue summary :* Security issues reported under org.apache.tomcat
> *Vulnerabilities*
> CVE-2014-7810 5.0 org.apache.tomcat : el-api : 6.0.14
> [https://nvd.nist.gov/vuln/detail/CVE-2014-7810]
> el-api-6.0.14 is embedded by org.apache.sling.scripting.el-api.
> Expected: Need to update el-api version in org.apache.sling.scripting.el-api.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Comment Edited] (SLING-9928) Sling el-api embeds vulnerable version of el-api

Reply via email to