[ https://issues.apache.org/jira/browse/SLING-7626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16460584#comment-16460584 ]
Robert Munteanu commented on SLING-7626:
----------------------------------------

[~andylin767] - can you clarify how the vulnerabilities affect the listed Sling artifacts? Our product deployments happen through the [sling starter|https://github.com/apache/sling-org-apache-sling-starter] and that has already been upgraded. POM dependencies don't qualify as vulnerabilities for that reason.

> disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions
> ----------------------------------------------------------------------------------------
>
> Key: SLING-7626
> URL: https://issues.apache.org/jira/browse/SLING-7626
> Project: Sling
> Issue Type: Task
> Affects Versions: Testing JCR Mock 1.3.2, Servlet Helpers 1.1.4, Testing Sling Mock 2.2.18
> Reporter: Andy
> Priority: Blocker
>
> There is a high security vulnerability from OWASP dependencies check scan affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Please update to Apache Sling Servlets Post 2.3.8.
> This is the Adobe fixes for reference, but the following modules need to address this
> https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
> org.apache.sling.servlet-helpers-1.1.4.jar
> org.apache.sling.testing.sling-mock-2.2.18.jar
> org.apache.sling.testing.jcr-mock-1.3.2.jar

--
This message was sent by Atlassian JIRA (v7.6.3#76005)