| <!DOCTYPE html><html lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/> |
| <title>Apache Sling :: News</title> |
| <link rel="icon" href="/favicon.ico"/> |
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bulma/0.7.5/css/bulma.min.css"/> |
| <link rel="stylesheet" href="/res/css/site.css"/> |
| <script src='https://www.apachecon.com/event-images/snippet.js'></script><link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/default.min.css"/> |
| <script src='https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/highlight.min.js'></script><script> |
| hljs.initHighlightingOnLoad(); |
| </script> |
| |
| <!-- Matomo Web Analytics --> |
| <script> |
| var _paq = window._paq = window._paq || []; |
| /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ |
| /* We explicitly disable cookie tracking to avoid privacy issues */ |
| _paq.push(['disableCookies']); |
| _paq.push(['trackPageView']); |
| _paq.push(['enableLinkTracking']); |
| (function() { |
| var u="https://matomo.privacy.apache.org/"; |
| _paq.push(['setTrackerUrl', u+'matomo.php']); |
| _paq.push(['setSiteId', '6']); |
| var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; |
| g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); |
| })(); |
| </script> |
| <!-- End Matomo Code --> |
| <link href='/pagefind/pagefind-ui.css' rel='stylesheet'><script src='/pagefind/pagefind-ui.js' type='text/javascript'></script> |
| <script> |
| window.addEventListener('DOMContentLoaded', (event) => { |
| new PagefindUI({ element: "#searchbox" }); |
| }); |
| </script> |
| |
| </head> <body> |
| <div class="section"> |
| <div class="level is-marginless"> |
| <div class="logo"> |
| <a href="https://sling.apache.org"> |
| <img border="0" alt="Apache Sling" src="/res/logos/sling.svg"/> |
| </a> |
| </div><div class="header"> |
| <a href="https://www.apache.org"> |
| <img border="0" alt="Apache" src="/res/logos/apache.png"/> |
| </a> |
| </div> |
| </div><section class="searchbox level is-marginless"> |
| <div id="searchbox"></div> |
| </section><div class="columns is-gapless"> |
| <div class="column is-narrow sidemenu"> |
| <div class="container"> |
| <nav class="menu"> |
| <ul class="menu-list box is-shadowless is-marginless"> |
| <li> |
| <p class="menu-label"> |
| <strong>Documentation</strong> |
| </p><ul> |
| <li><a href="/documentation.html">Overview</a></li><li><a href="/documentation/getting-started.html">Getting Started</a></li><li><a href="/documentation/the-sling-engine.html">The Sling Engine</a></li><li><a href="/documentation/development.html">Development</a></li><li><a href="/documentation/bundles.html">Bundles</a></li><li><a href="/documentation/tutorials-how-tos.html">Tutorials & How-Tos</a></li><li><a href="/components/">Maven Plugins</a></li><li><a href="/documentation/configuration.html">Configuration</a></li> |
| </ul> |
| </li><li> |
| <p class="menu-label"> |
| <strong>API Docs</strong> |
| </p><ul> |
| <li><a href="/apidocs/sling12/index.html">Sling 12</a></li><li><a href="/apidocs/sling11/index.html">Sling 11</a></li><li><a href="/apidocs/sling10/index.html">Sling 10</a></li><li><a href="/apidocs/sling9/index.html">Sling 9</a></li><li><a href="/documentation/apidocs.html">All versions</a></li> |
| </ul> |
| </li><li> |
| <p class="menu-label"> |
| <strong>Support</strong> |
| </p><ul> |
| <li><a href="https://s.apache.org/sling.wiki">Wiki</a></li><li><a href="https://s.apache.org/sling.faq">FAQ</a></li><li><a href="/sitemap.html">Sitemap</a></li> |
| </ul> |
| </li><li> |
| <p class="menu-label"> |
| <strong>Project Info</strong> |
| </p><ul> |
| <li><a href="/downloads.cgi">Downloads</a></li><li><a href="https://www.apache.org/licenses/">License</a></li><li><a href="/news.html">News</a></li><li><a href="/releases.html">Releases</a></li><li><a href="https://issues.apache.org/jira/browse/SLING">Issue Tracker</a></li><li><a href="/links.html">Links</a></li><li><a href="/contributing.html">Contributing</a></li><li><a href="/project-information.html">Project Information</a></li><li><a href="/project-information/security.html">Security</a></li> |
| </ul> |
| </li><li> |
| <p class="menu-label"> |
| <strong>Source</strong> |
| </p><ul> |
| <li><a href="/repolist.html">Repositories</a></li><li><a href="https://gitbox.apache.org/repos/asf?s=sling">Git at Apache</a></li> |
| </ul> |
| </li><li> |
| <p class="menu-label"> |
| <strong>Apache Software<br>Foundation</strong> |
| </p><ul> |
| <li><a href="https://www.apache.org/foundation/thanks.html">Thanks!</a></li><li><a href="https://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li><li><a href="https://www.apache.org/foundation/buy_stuff.html">Buy Stuff</a></li> |
| </ul> |
| </li><li> |
| <a class="acevent" data-format="square" data-event="random"></a> |
| </li><li> |
| <a href="https://apache.org/foundation/contributing.html" class="column"> |
| <img border="0" alt="Support the Apache Software Foundation!" src="/res/images/SupportApache-small.png" width="125"/> |
| </a> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| </div><div class="column main"> |
| <div class="box is-shadowless is-marginless"> |
| <div class="level"> |
| <div class="pagenav"> |
| <div class="breadcrumb"> |
| <ul> |
| <li> |
| <a href="/"> |
| Home |
| </a> |
| </li> |
| </ul> |
| </div> |
| </div><div class="tags"> |
| <span class="tag"> |
| <a href="/tags/news.html"> |
| news |
| </a> |
| </span> |
| </div> |
| </div><h1 class="title"> |
| News |
| </h1><div class="content is-marginless"> |
| <div class="row" data-pagefind-body="true"><div><section><ul> |
| <li>Security Advisory: <a href="./security/CVE-2023-6378.html">Apache Sling advisory regarding CVE-2023-6378</a></li> |
| <li>Vulnerability report: CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal, see <a href="https://www.cve.org/CVERecord?id=CVE-2024-23673">https://www.cve.org/CVERecord?id=CVE-2024-23673</a></li> |
| <li>Vulnerability report: CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module, see <a href="https://www.cve.org/CVERecord?id=CVE-2022-47937">https://www.cve.org/CVERecord?id=CVE-2022-47937</a></li> |
| <li>Vulnerability report and fix: CVE-2022-37734: Apache GraphQL Core: Upgraded graphql-java to version 20.1 which contains the fix for the vulnerability, see <a href="https://www.cve.org/CVERecord?id=CVE-2022-37734">https://www.cve.org/CVERecord?id=CVE-2022-37734</a></li> |
| <li>Vulnerability report and fix: CVE-2022-45064: Apache Sling Engine: Include-based XSS (April 12th, 2023), see <a href="https://www.cve.org/CVERecord?id=CVE-2022-45064">https://www.cve.org/CVERecord?id=CVE-2022-45064</a></li> |
| <li>Vulnerability report and fix: CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS (Mar 20th, 2023), see <a href="https://www.cve.org/CVERecord?id=CVE-2023-26513">https://www.cve.org/CVERecord?id=CVE-2023-26513</a></li> |
| <li>Vulnerability report and fix: CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way (Feb 23rd, 2023), see <a href="https://www.cve.org/CVERecord?id=CVE-2023-25621">https://www.cve.org/CVERecord?id=CVE-2023-25621</a></li> |
| <li>Vulnerability report and fix: CVE-2023-25141: Apache Sling JCR Base JNDI injection (February 14th, 2023), see <a href="https://www.cve.org/CVERecord?id=CVE-2023-25141">https://www.cve.org/CVERecord?id=CVE-2023-25141</a></li> |
| <li>Vulnerability report and fix: CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components (Feb 3rd, 2023), see <a href="https://www.cve.org/CVERecord?id=CVE-2023-22849">https://www.cve.org/CVERecord?id=CVE-2023-22849</a></li> |
| <li>Vulnerability report and fix: CVE-2022-46769: Apache Sling CMS Reflected XSS Vulnerability (January 1st, 2022), see <a href="https://www.cve.org/CVERecord?id=CVE-2022-46769">https://www.cve.org/CVERecord?id=CVE-2022-46769</a></li> |
| <li>Vulnerability report and fix: CVE-2022-43670: Apache Sling CMS Reflected XSS Vulnerability (November 1st, 2022), see <a href="http://s.apache.org/CVE-2022-43670">http://s.apache.org/CVE-2022-43670</a></li> |
| <li>Released <a href="/news/sling-12-released.html">Apache Sling 12</a> (March 18th, 2022).</li> |
| <li>Security Advisory: <a href="./security/log4shell.html">Apache Sling advisory regarding CVE-2021-44228 and LOGBACK-1591</a></li> |
| <li>Our documentation pages now have an edit link in their footer: patches, which are very welcome, are now easier than ever!</li> |
| <li>The new <a href="./sitemap.html">hierarchical sitemap</a> helps you find the right page, along with the existing <a href="./tags/development.html">tags pages</a>.</li> |
| <li>Released <a href="https://github.com/apache/sling-org-apache-sling-adapter-annotations">Apache Sling Adapter Annotations 2.0</a>, a new module that implements OSGi DS 1.4 component property type annotations for Sling Adapters.</li> |
| <li>The virtual adaptTo() 2020 conference took place in September and <a href="https://adapt.to/2020/en/schedule.html">video recordings will be available soon</a>.</li> |
| <li>Vulnerability report and fix: CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability (March 24th, 2020), see <a href="http://s.apache.org/CVE-2020-1949">http://s.apache.org/CVE-2020-1949</a></li> |
| <li>The <a href="https://adapt.to/2019/">adaptTo() 2019 conference</a> took place in Berlin, Germany. (September 2-4, 2019).</li> |
| <li>Released <a href="/news/sling-11-released.html">Apache Sling 11</a> (October 23rd, 2018).</li> |
| <li>The <a href="https://adapt.to/2018/">adaptTo() 2018 conference</a> took place in Potsdam, Germany. (September 10-12, 2018).</li> |
| <li>Released <a href="/documentation/bundles/sling-pipes.html">Apache Sling Pipes 2.0.2</a> (February 7th, 2018).</li> |
| <li>Released <a href="/news/sling-10-released.html">Apache Sling 10</a> (February 6th, 2018).</li> |
| <li>Released <a href="/news/sling-ide-tooling-12-released.html">Apache Sling IDE Tooling for Eclipse 1.2.0</a> (January 21st, 2018).</li> |
| <li>Sling has moved to Git (October 20, 2017)</li> |
| <li>The <a href="https://adapt.to/2017/en.html">adaptTo() 2017 conference</a> took place in Berlin. (September 25-27, 2017).</li> |
| <li>Released <a href="/news/sling-launchpad-9-released.html">Apache Sling 9</a> (June 12th, 2017)</li> |
| <li>The <a href="https://adapt.to/2016/en.html">adaptTo() 2016 conference</a> took place in Berlin. (September 26-28, 2016).</li> |
| <li>Released <a href="/news/sling-ide-tooling-11-released.html">Apache Sling IDE Tooling for Eclipse 1.1.0</a> (March 14th, 2016)</li> |
| <li>Released <a href="/news/sling-launchpad-8-released.html">Apache Sling 8</a> (October 16th, 2015)</li> |
| <li>The <a href="https://adapt.to/2015/en.html">adaptTo() 2015 conference</a> took place in Berlin. (September 28-30, 2015).</li> |
| <li>Released Apache Sling 7 (October 3th, 2014)</li> |
| <li>The <a href="https://adapt.to/2014/en.html">adaptTo() 2014 conference</a> took place in Berlin. (September 22-24, 2014).</li> |
| <li>The <a href="https://adapt.to/2013/en.html">adaptTo() 2013 conference</a> took place in Berlin. (September 23-25, 2013).</li> |
| <li>The <a href="https://adapt.to/2012/en.html">adaptTo() 2012 conference</a> took place in Berlin. (September 26-28, 2012).</li> |
| <li>Vulnerability report and fix: CVE-2012-2138 Apache Sling denial of service vulnerability (July 6th, 2012), see <a href="http://s.apache.org/CVE-2012-2138">http://s.apache.org/CVE-2012-2138</a></li> |
| <li>The <a href="https://adapt.to/2011/en.html">adaptTo() 2011 conference</a> took place in Berlin. (September 15-16, 2011).</li> |
| <li>Released <a href="http://markmail.org/thread/hv5vd5774ofwqu6j">Apache Sling 6</a> (March 28, 2011)</li> |
| <li>Sling site at http://sling.apache.org live (June 29, 2009)</li> |
| <li>Mailing lists moved to dev(a)sling.apache.org and commits(a)sling.apache.org (June 29, 2009)</li> |
| <li>SVN moved to http://svn.apache.org/repos/asf/sling (June 18, 2009)</li> |
| <li>Apache Sling has graduated into a top level project! (June 17, 2009)</li> |
| </ul> |
| <h1><a href="#history" id="history">History</a></h1> |
| <p>Sling started as an internal project at <a href="http://www.day.com">Day Software</a> , and entered the Apache Incubator in September 2007. As of June, 17th, 2009 Apache Sling is a top level project of the Apache Software Foundation.</p> |
| <p>The name "Sling" has been proposed by Roy Fielding who explained it like this:</p> |
| <blockquote> |
| <p>[The name is] Biblical in nature. The story of David: the weapon he uses to slay the giant Goliath is a sling. Hence, our David's [David Nuescheler, CTO of Day Software] favorite weapon.</p> |
| <p>It is also the simplest device for delivering content very fast.</p> |
| </blockquote> |
| </section></div></div><div data-pagefind-body="true" data-pagefind-weight="7.0" style="display:none;"> - ( News )</div> |
| </div> |
| </div> |
| </div> |
| </div><footer class="footer"> |
| <div class="content has-text-centered is-small"> |
| <div class="editpagelink"> |
| This page can be edited on GitHub at <a href="https://github.com/apache/sling-site/edit/master/src/main/jbake/content/news.md"> |
| content/news.md |
| </a> |
| </div> <div class="revisionInfo"> |
| Last modified by <span class="author">Robert Munteanu</span> on <span class="comment">2024-02-06</span> |
| </div><p> |
| Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project |
| logo are trademarks of The Apache Software Foundation. All other marks mentioned |
| may be trademarks or registered trademarks of their respective owners. |
| </p><p> |
| Copyright © 2007-2024<a href="https://www.apache.org/"> |
| The Apache Software Foundation |
| </a>|<a href="https://privacy.apache.org/policies/privacy-policy-public.html"> |
| Privacy Policy |
| </a> |
| </p> |
| </div> |
| </footer> |
| </div> |
| </body> |
| </html> |