[
https://issues.apache.org/jira/browse/SLING-7626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16460584#comment-16460584
]
Robert Munteanu commented on SLING-7626:
----------------------------------------
[~andylin767] - can you clarify how the vulnerabilities affect the listed Sling
artifacts? Our product deployments happen through the [sling
starter|https://github.com/apache/sling-org-apache-sling-starter] and that has
already been upgraded. POM dependencies don't qualify as vulnerabilities for
that reason.
> disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and
> earlier versions
> ----------------------------------------------------------------------------------------
>
> Key: SLING-7626
> URL: https://issues.apache.org/jira/browse/SLING-7626
> Project: Sling
> Issue Type: Task
> Affects Versions: Testing JCR Mock 1.3.2, Servlet Helpers 1.1.4, Testing
> Sling Mock 2.2.18
> Reporter: Andy
> Priority: Blocker
>
> There is a high security vulnerability from OWASP dependencies check scan
> affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Please
> update to Apache Sling Servlets Post 2.3.8.
> This is the Adobe fixes for reference, but the following modules need to
> address this
> https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html
> org.apache.sling.servlet-helpers-1.1.4.jar
> org.apache.sling.testing.sling-mock-2.2.18.jar
> org.apache.sling.testing.jcr-mock-1.3.2.jar
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
