Re: state of sling-org-apache-sling-starter

Fri, 27 Nov 2020 15:13:17 -0800 

Eric,
thank you - there seems to be quite a list of outdated bundles int the starter even outside of sling itself. I am trying to wrap my head around how to make bring everything safely up to date. 


it looks like some of the versions in use have known security 
vulnerabilities.


Ruben

On 11/27/2020 1:28 PM, Eric Norman wrote:

Hi Ruben,

I've just fixed the org.apache.sling.jcr.contentloader item from your
list.  It might be worth opening a new issue in jira for tracking the
others.

FYI: I usually use the following command to produce a report on
dependencies that are not the latest version:

*mvn versions:display-dependency-updates*


Regards,
-Eric

On Tue, Nov 24, 2020 at 9:06 PM Ruben Reusser <r...@headwire.com> wrote:


here's the current list of mismatches:

org.apache.sling.commons.fsclassloader starter: 1.0.14 downloads: 1.0.8
org.apache.sling.commons.scheduler starter: 2.7.6 downloads: 2.7.2
org.apache.sling.models.impl starter: 1.4.12 downloads: 1.4.16
org.apache.sling.serviceusermapper starter: 1.4.4 downloads: 1.4.2
org.apache.sling.servlets.resolver starter: 2.7.10 downloads: 2.7.8
org.apache.sling.commons.johnzon starter: 1.2.4 downloads: 1.2.6
org.apache.sling.commons.osgi starter: 2.4.0 downloads: 2.4.2
org.apache.sling.installer.core starter: 3.11.2 downloads: 3.11.4
org.apache.sling.settings starter: 1.4.0 downloads: 1.4.2
org.apache.sling.discovery.oak starter: 1.2.28 downloads: 1.2.30
org.apache.sling.discovery.support starter: 1.0.4 downloads: 1.0.6
org.apache.sling.jcr.contentloader starter: 2.3.0 downloads: 2.4.0
org.apache.sling.extensions.webconsolesecurityprovider starter: 1.2.4
downloads: 1.2.2


On Tue, Nov 24, 2020 at 5:13 pm, Bertrand Delacretaz
<bdelacre...@apache.org> wrote:

Hi Ruben,

On Tue, Nov 24, 2020 at 4:29 PM Ruben Reusser <r...@headwire.com
<mailto:r...@headwire.com>> wrote:

  ...is there a process to update the starter and the downloads page
when a
  new version of a bundle is released?...

Updating it is part of our release instructions at
<

https://sling.apache.org/documentation/development/release-management.html#update-the-sling-starter-module-1


But I suspect we miss that sometimes - patches welcome of course!

-Bertrand
























					Reply via email to