sling-dev mailing list archives

From "Robert Munteanu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-7626) disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions
Date Wed, 02 May 2018 06:42:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-7626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16460584#comment-16460584 ]

Robert Munteanu commented on SLING-7626:
----------------------------------------

[~andylin767] - can you clarify how the vulnerabilities affect the listed Sling artifacts?
Our product deployments happen through the [sling starter|https://github.com/apache/sling-org-apache-sling-starter]
and that has already been upgraded. POM dependencies don't qualify as vulnerabilities for
that reason.

> disclosure vulnerability affecting Apache Sling Servlets Post 2.3.6 and earlier versions
> ----------------------------------------------------------------------------------------
>
>                 Key: SLING-7626
>                 URL: https://issues.apache.org/jira/browse/SLING-7626
>             Project: Sling
>          Issue Type: Task
>    Affects Versions: Testing JCR Mock 1.3.2, Servlet Helpers 1.1.4, Testing Sling Mock 2.2.18
>            Reporter: Andy
>            Priority: Blocker
>
> There is a high security vulnerability from OWASP dependencies check scan affecting Apache Sling Servlets Post 2.3.6 and earlier versions. Please update to Apache Sling Servlets Post 2.3.8.
> These are the Adobe fixes for reference, but the following modules need to address this:
> https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html 
> org.apache.sling.servlet-helpers-1.1.4.jar
> org.apache.sling.testing.sling-mock-2.2.18.jar
> org.apache.sling.testing.jcr-mock-1.3.2.jar
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
