[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17777874#comment-17777874 ]
Robert Munteanu commented on SLING-12116:
-----------------------------------------

[~tvogel] - do you have a reference to a CVE or release notes for Guava? I applied it since it's a good idea anyway.

> Update transitive google-guava dependency to version 32.1.3-jre
> ---------------------------------------------------------------
>
>                 Key: SLING-12116
>                 URL: https://issues.apache.org/jira/browse/SLING-12116
>             Project: Sling
>          Issue Type: Bug
>          Components: XSS Protection API
>            Reporter: Tatyana Vogel
>            Assignee: Tatyana Vogel
>            Priority: Critical
>             Fix For: XSS Protection API 2.3.10
>
>
> The sling XSS library has a transitive dependency which embeds vulnerable
> google-guava.
> Upgrade to a vulnerability-free version of the embedded library is needed.

--
This message was sent by Atlassian Jira (v8.20.10#820010)