Dirk Rudolph created SLING-12331: ------------------------------------ Summary: Update sling maven plugins to maven 3.8.x Key: SLING-12331 URL: https://issues.apache.org/jira/browse/SLING-12331 Project: Sling Issue Type: Improvement Reporter: Dirk Rudolph
We recently got some security vulnerability reported related to maven-core, which is a transitive dependency used in many / some of the sling maven plugins. While maven-core is always take from the maven installation in the current version, the vulnerable jars are downloaded when using the plugins, and hence found and reported by security scanners. We should update our maven plugins to use the 3.8.x version of maven at least. -- This message was sent by Atlassian Jira (v8.20.10#820010)