>
> There are lots of vulnerabilities reported which do not affect our usage
> of dependencies.
While this is probably true, is this an argument you want to keep having
over and over again? I have found some security focused folks don't trust
the engineering assurances that we are not affected.
Hi,
There are lots of vulnerabilities reported which do not affect our usage of
dependencies.
Therefore I am still in favour of putting the responsibility towards those who
build applications/distributions out of Sling bundles.
For Sling Starter this is obviously us.
I would recommend to
I would generally prefer that no dependencies have known security issues.
Basically, my position on this is the same as it was ~3 years ago from the
thread at [1].
Also, I'd agree with what was reported at [2] that it doesn't make sense to
depend on versions that have been declared as EOL when
Hi,
in light of https://issues.apache.org/jira/browse/SLING-11623 I think
its worth to have a hopefully brief discussion about our dependency
update policy.
https://cwiki.apache.org/confluence/display/SLING/Dependabot captures
what we said in the past and I think this is a good guideline,
[
https://issues.apache.org/jira/browse/SLING-11630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls resolved SLING-11630.
Resolution: Fixed
Done in https://github.com/apache/sling-org-apache-sling-feature/pull/31
>
karlpauls merged PR #31:
URL: https://github.com/apache/sling-org-apache-sling-feature/pull/31
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail:
Karl Pauls created SLING-11630:
--
Summary: Feature model IOUtils should not use caches for jar files
from jar url connection
Key: SLING-11630
URL: https://issues.apache.org/jira/browse/SLING-11630
[
https://issues.apache.org/jira/browse/SLING-11629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11629.
--
Resolution: Done
> Update to Sling Bundle Parent 49
>
>
>
Oliver Lietz created SLING-11629:
Summary: Update to Sling Bundle Parent 49
Key: SLING-11629
URL: https://issues.apache.org/jira/browse/SLING-11629
Project: Sling
Issue Type: Task
[
https://issues.apache.org/jira/browse/SLING-11628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11628.
--
Resolution: Done
> Update to Sling Bundle Parent 49
>
>
>
Oliver Lietz created SLING-11628:
Summary: Update to Sling Bundle Parent 49
Key: SLING-11628
URL: https://issues.apache.org/jira/browse/SLING-11628
Project: Sling
Issue Type: Task
[
https://issues.apache.org/jira/browse/SLING-11351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11351.
--
Resolution: Done
> Update to Sling Bundle Parent 49
>
>
>
[
https://issues.apache.org/jira/browse/SLING-11626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11626.
--
Resolution: Done
> Make report thread safe
> ---
>
> Key:
[
https://issues.apache.org/jira/browse/SLING-11349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11349.
--
Resolution: Done
> Support rereading and rewriting of content
>
[
https://issues.apache.org/jira/browse/SLING-11625?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11625.
--
Resolution: Done
> Make report thread safe
> ---
>
> Key:
[
https://issues.apache.org/jira/browse/SLING-11348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11348.
--
Resolution: Done
> Support rereading of content
>
>
>
[
https://issues.apache.org/jira/browse/SLING-11350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz resolved SLING-11350.
--
Resolution: Done
> Update to Sling Bundle Parent 49
>
>
>
rombert commented on code in PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#discussion_r999362695
##
src/test/java/org/apache/sling/xss/impl/AntiSamyPolicyWithTestConfigTest.java:
##
@@ -0,0 +1,146 @@
rombert commented on PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#issuecomment-1283913227
> > @kwin - is this failure related to your recent changes?
sonarcloud[bot] commented on PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#issuecomment-1283894539
SonarCloud Quality Gate failed. [![Quality Gate
[
https://issues.apache.org/jira/browse/SLING-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620281#comment-17620281
]
Carsten Ziegeler commented on SLING-11627:
--
Some code clean up
[
https://issues.apache.org/jira/browse/SLING-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-11627.
--
Resolution: Fixed
> ConcurrentModificationException when merging configurations
>
sonarcloud[bot] commented on PR #31:
URL:
https://github.com/apache/sling-org-apache-sling-feature/pull/31#issuecomment-1283890757
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
karlpauls opened a new pull request, #31:
URL: https://github.com/apache/sling-org-apache-sling-feature/pull/31
…jvm issue
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
kwin commented on PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#issuecomment-1283877213
> @kwin - is this failure related to your recent changes?
[
https://issues.apache.org/jira/browse/SLING-11627?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620236#comment-17620236
]
Carsten Ziegeler commented on SLING-11627:
--
Potential fix in
Carsten Ziegeler created SLING-11627:
Summary: ConcurrentModificationException when merging
configurations
Key: SLING-11627
URL: https://issues.apache.org/jira/browse/SLING-11627
Project: Sling
[
https://issues.apache.org/jira/browse/SLING-11396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620233#comment-17620233
]
Konrad Windszus commented on SLING-11396:
-
With
Oliver Lietz created SLING-11625:
Summary: Make report thread safe
Key: SLING-11625
URL: https://issues.apache.org/jira/browse/SLING-11625
Project: Sling
Issue Type: Improvement
Oliver Lietz created SLING-11626:
Summary: Make report thread safe
Key: SLING-11626
URL: https://issues.apache.org/jira/browse/SLING-11626
Project: Sling
Issue Type: Improvement
[
https://issues.apache.org/jira/browse/SLING-11351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz updated SLING-11351:
-
Summary: Update to Sling Bundle Parent 49 (was: Update to Sling Bundle
Parent 48)
> Update to
[
https://issues.apache.org/jira/browse/SLING-11350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oliver Lietz updated SLING-11350:
-
Summary: Update to Sling Bundle Parent 49 (was: Update to Sling Bundle
Parent 48)
> Update to
rombert commented on PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#issuecomment-1283704781
@nonanalou - while we figure out the CI issues, can you please reference a
Jira issue in:
- the PR summary
- commit message
?
`SLING- - Fix problem X`
rombert commented on PR #30:
URL:
https://github.com/apache/sling-org-apache-sling-xss/pull/30#issuecomment-1283703470
@kwin - is this failure related to your recent changes?
nonanalou opened a new pull request, #30:
URL: https://github.com/apache/sling-org-apache-sling-xss/pull/30
* Correct the policy adapter so that the conditions are added with an "or"
instead of an "and".
--
This is an automated message from the Apache Git Service.
To respond to the
[
https://issues.apache.org/jira/browse/SLING-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620125#comment-17620125
]
Robert Munteanu commented on SLING-11623:
-
[~kwin] - we touch on the "update OSGi dependencies
[
https://issues.apache.org/jira/browse/SLING-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620081#comment-17620081
]
Konrad Windszus edited comment on SLING-11623 at 10/19/22 7:58 AM:
---
I
[
https://issues.apache.org/jira/browse/SLING-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620081#comment-17620081
]
Konrad Windszus commented on SLING-11623:
-
I think we discussed this several times and just
[
https://issues.apache.org/jira/browse/SLING-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17620073#comment-17620073
]
Joerg Hoh commented on SLING-11623:
---
[~rombert] I know :-)
On the other hand side I want to avoid any
sonarcloud[bot] commented on PR #91:
URL: https://github.com/apache/sling-whiteboard/pull/91#issuecomment-1283514196
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
dependabot[bot] opened a new pull request, #91:
URL: https://github.com/apache/sling-whiteboard/pull/91
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.13.3
to 2.13.4.1.
Commits
See full diff in https://github.com/FasterXML/jackson/commits;>compare view
dependabot[bot] opened a new pull request, #90:
URL: https://github.com/apache/sling-whiteboard/pull/90
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.13.3
to 2.13.4.1.
Commits
See full diff in https://github.com/FasterXML/jackson/commits;>compare view
sonarcloud[bot] commented on PR #40:
URL:
https://github.com/apache/sling-org-apache-sling-testing-clients/pull/40#issuecomment-1283491684
Kudos, SonarCloud Quality Gate passed! [![Quality Gate
dependabot[bot] opened a new pull request, #40:
URL: https://github.com/apache/sling-org-apache-sling-testing-clients/pull/40
Bumps [jackson-databind](https://github.com/FasterXML/jackson) from 2.13.2.1
to 2.13.4.1.
Commits
See full diff in
44 matches
Mail list logo