[ https://issues.apache.org/jira/browse/SLING-12116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu updated SLING-12116: ------------------------------------ Fix Version/s: XSS Protection API 2.3.12 (was: XSS Protection API 2.3.10) > Update transative google-guava dependency to version 32.1.3-jre > --------------------------------------------------------------- > > Key: SLING-12116 > URL: https://issues.apache.org/jira/browse/SLING-12116 > Project: Sling > Issue Type: Bug > Components: XSS Protection API > Reporter: Tatyana Vogel > Assignee: Tatyana Vogel > Priority: Critical > Fix For: XSS Protection API 2.3.12 > > > The sling XSS library has a transitive dependency which embeds vulnerable > google-guava. > Upgrade to a vulnerability-free version of the embedded library is needed. -- This message was sent by Atlassian Jira (v8.20.10#820010)