src/main/jbake/content/news.md

title=News type=page status=published tags=news tableOfContents=false

* Security Advisory: [Apache Sling advisory regarding CVE-2023-6378](./security/CVE-2023-6378.html)
* Vulnerability report: CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal, see [https://www.cve.org/CVERecord?id=CVE-2024-23673](https://www.cve.org/CVERecord?id=CVE-2024-23673)
* Vulnerability report: CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module, see  [https://www.cve.org/CVERecord?id=CVE-2022-47937](https://www.cve.org/CVERecord?id=CVE-2022-47937)
* Vulnerability report and fix: CVE-2022-37734: Apache GraphQL Core: Upgraded graphql-java to version 20.1 which contains the fix for the vulnerability, see [https://www.cve.org/CVERecord?id=CVE-2022-37734](https://www.cve.org/CVERecord?id=CVE-2022-37734)
* Vulnerability report and fix: CVE-2022-45064: Apache Sling Engine: Include-based XSS (April 12th, 2023), see [https://www.cve.org/CVERecord?id=CVE-2022-45064](https://www.cve.org/CVERecord?id=CVE-2022-45064)
* Vulnerability report and fix: CVE-2023-26513: Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS (Mar 20th, 2023), see [https://www.cve.org/CVERecord?id=CVE-2023-26513](https://www.cve.org/CVERecord?id=CVE-2023-26513)
* Vulnerability report and fix: CVE-2023-25621: Apache Sling does not allow to handle i18n content in a secure way (Feb 23rd, 2023), see [https://www.cve.org/CVERecord?id=CVE-2023-25621](https://www.cve.org/CVERecord?id=CVE-2023-25621)
* Vulnerability report and fix: CVE-2023-25141: Apache Sling JCR Base JNDI injection (February 14th, 2023), see [https://www.cve.org/CVERecord?id=CVE-2023-25141](https://www.cve.org/CVERecord?id=CVE-2023-25141)
* Vulnerability report and fix: CVE-2023-22849: Apache Sling App CMS: XSS in CMS Reference / UI Components (Feb 3rd, 2023), see [https://www.cve.org/CVERecord?id=CVE-2023-22849](https://www.cve.org/CVERecord?id=CVE-2023-22849)
* Vulnerability report and fix: CVE-2022-46769: Apache Sling CMS Reflected XSS Vulnerability (January 1st, 2022), see [https://www.cve.org/CVERecord?id=CVE-2022-46769](https://www.cve.org/CVERecord?id=CVE-2022-46769)
* Vulnerability report and fix: CVE-2022-43670: Apache Sling CMS Reflected XSS Vulnerability (November 1st, 2022), see [http://s.apache.org/CVE-2022-43670](http://s.apache.org/CVE-2022-43670)
* Released [Apache Sling 12](/news/sling-12-released.html) (March 18th, 2022).
* Security Advisory: [Apache Sling advisory regarding CVE-2021-44228 and LOGBACK-1591](./security/log4shell.html)
* Our documentation pages now have an edit link in their footer: patches, which are very welcome, are now easier than ever!
* The new [hierarchical sitemap](./sitemap.html) helps you find the right page, along with the existing [tags pages](./tags/development.html).
* Released [Apache Sling Adapter Annotations 2.0](https://github.com/apache/sling-org-apache-sling-adapter-annotations), a new module that implements OSGi DS 1.4 component property type annotations for Sling Adapters.
* The virtual adaptTo() 2020 conference took place in September and [video recordings will be available soon](https://adapt.to/2020/en/schedule.html).
* Vulnerability report and fix: CVE-2020-1949: Apache Sling CMS Reflected XSS Vulnerability (March 24th, 2020), see [http://s.apache.org/CVE-2020-1949](http://s.apache.org/CVE-2020-1949)
* The [adaptTo() 2019 conference](https://adapt.to/2019/) took place in Berlin, Germany. (September 2-4, 2019).
* Released [Apache Sling 11](/news/sling-11-released.html) (October 23rd, 2018).
* The [adaptTo() 2018 conference](https://adapt.to/2018/) took place in Potsdam, Germany. (September 10-12, 2018).
* Released [Apache Sling Pipes 2.0.2](/documentation/bundles/sling-pipes.html) (February 7th, 2018).
* Released [Apache Sling 10](/news/sling-10-released.html) (February 6th, 2018).
* Released [Apache Sling IDE Tooling for Eclipse 1.2.0](/news/sling-ide-tooling-12-released.html) (January 21st, 2018).
* Sling has moved to Git (October 20, 2017)
* The [adaptTo() 2017 conference](https://adapt.to/2017/en.html) took place in Berlin. (September 25-27, 2017). 
* Released [Apache Sling 9](/news/sling-launchpad-9-released.html) (June 12th, 2017)
* The [adaptTo() 2016 conference](https://adapt.to/2016/en.html) took place in Berlin. (September 26-28, 2016). 
* Released [Apache Sling IDE Tooling for Eclipse 1.1.0](/news/sling-ide-tooling-11-released.html) (March 14th, 2016)
* Released [Apache Sling 8](/news/sling-launchpad-8-released.html) (October 16th, 2015)
* The [adaptTo() 2015 conference](https://adapt.to/2015/en.html) took place in Berlin. (September 28-30, 2015). 
* Released Apache Sling 7 (October 3th, 2014)
* The [adaptTo() 2014 conference](https://adapt.to/2014/en.html) took place in Berlin. (September 22-24, 2014). 
* The [adaptTo() 2013 conference](https://adapt.to/2013/en.html) took place in Berlin. (September 23-25, 2013). 
* The [adaptTo() 2012 conference](https://adapt.to/2012/en.html) took place in Berlin. (September 26-28, 2012). 
* Vulnerability report and fix: CVE-2012-2138 Apache Sling denial of service vulnerability (July 6th, 2012), see [http://s.apache.org/CVE-2012-2138](http://s.apache.org/CVE-2012-2138)
* The [adaptTo() 2011 conference](https://adapt.to/2011/en.html) took place in Berlin. (September 15-16, 2011). 
* Released [Apache Sling 6](http://markmail.org/thread/hv5vd5774ofwqu6j) (March 28, 2011)
* Sling site at http://sling.apache.org live (June 29, 2009)
* Mailing lists moved to dev(a)sling.apache.org and commits(a)sling.apache.org (June 29, 2009)
* SVN moved to http://svn.apache.org/repos/asf/sling (June 18, 2009)
* Apache Sling has graduated into a top level project! (June 17, 2009)

# History

Sling started as an internal project at [Day Software](http://www.day.com)
, and entered the Apache Incubator in September 2007. As of June, 17th,
2009 Apache Sling is a top level project of the Apache Software Foundation.

The name "Sling" has been proposed by Roy Fielding who explained it like
this:

> \[The name is\] Biblical in nature.  The story of David: the weapon he
> uses to slay the giant Goliath is a sling.  Hence, our David's
> \[David Nuescheler, CTO of Day Software\] favorite weapon.

> It is also the simplest device for delivering content very fast.