Dirk Rudolph created SLING-12331:
------------------------------------
Summary: Update sling maven plugins to maven 3.8.x
Key: SLING-12331
URL: https://issues.apache.org/jira/browse/SLING-12331
Project: Sling
Issue Type: Improvement
Reporter: Dirk Rudolph
We recently got some security vulnerability reported related to maven-core,
which is a transitive dependency used in many / some of the sling maven
plugins.
While maven-core is always take from the maven installation in the current
version, the vulnerable jars are downloaded when using the plugins, and hence
found and reported by security scanners.
We should update our maven plugins to use the 3.8.x version of maven at least.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
