Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
MD5: e2d74794fba570ec2115fb9d5b05dc9b
SHA1: 2852e6e05fbb95076fc091f6d1780f1f8fe35e0f
SHA256: a10418348d234968600ccb1d988efcbbd08716e1d96936ccc1880e7d22513474
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor pom groupid commons-io Highest Vendor jar package name apache Highest Vendor file name commons-io High Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Vendor pom name Apache Commons IO High Vendor jar package name commons Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom artifactid commons-io Low Vendor pom parent-groupid org.apache.commons Medium Vendor jar package name io Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Vendor pom url http://commons.apache.org/proper/commons-io/ Highest Vendor pom parent-artifactid commons-parent Low Vendor Manifest bundle-symbolicname org.apache.commons.io Medium Vendor Manifest Implementation-Vendor-Id org.apache Medium Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product jar package name apache Highest Product pom groupid commons-io Highest Product file name commons-io High Product pom url http://commons.apache.org/proper/commons-io/ Medium Product Manifest implementation-build tags/commons-io-2.5@r1739098; 2016-04-14 09:19:54-0400 Low Product pom name Apache Commons IO High Product jar package name commons Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))" Low Product pom parent-groupid org.apache.commons Medium Product jar package name io Highest Product Manifest specification-title Apache Commons IO Medium Product pom artifactid commons-io Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-io/ Low Product Manifest Implementation-Title Apache Commons IO High Product pom parent-artifactid commons-parent Medium Product Manifest bundle-symbolicname org.apache.commons.io Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-io/ Low Product Manifest Bundle-Name Apache Commons IO Medium Version file version 2.5 High Version pom parent-version 2.5 Low Version pom version 2.5 Highest Version Manifest Implementation-Version 2.5 High
Published Vulnerabilities CVE-2021-29425 suppress
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSSv2:
Base Score: MEDIUM (5.8) Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N CVSSv3:
Base Score: MEDIUM (4.8) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.6/commons-lang3-3.6.jar
MD5: 5d18f68b5122fd398c118df53ab4cf55
SHA1: 9d28a6b23650e8a7e9063c04588ace6cf7012c17
SHA256: 89c27f03fff18d0b06e7afd7ef25e209766df95b6c1269d6c3ebbdea48d5f284
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor jar package name apache Highest Vendor Manifest automatic-module-name org.apache.commons.lang3 Medium Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Vendor pom url http://commons.apache.org/proper/commons-lang/ Highest Vendor jar package name commons Highest Vendor Manifest bundle-symbolicname org.apache.commons.lang3 Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor pom parent-groupid org.apache.commons Medium Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Vendor pom artifactid commons-lang3 Low Vendor jar package name lang3 Highest Vendor pom parent-artifactid commons-parent Low Vendor pom groupid org.apache.commons Highest Vendor Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Vendor Manifest Implementation-Vendor-Id org.apache.commons Medium Vendor file name commons-lang3 High Vendor pom name Apache Commons Lang High Vendor pom groupid apache.commons Highest Product jar package name apache Highest Product Manifest Bundle-Name Apache Commons Lang Medium Product Manifest automatic-module-name org.apache.commons.lang3 Medium Product Manifest bundle-docurl http://commons.apache.org/proper/commons-lang/ Low Product jar package name commons Highest Product Manifest bundle-symbolicname org.apache.commons.lang3 Medium Product pom artifactid commons-lang3 Highest Product pom parent-groupid org.apache.commons Medium Product Manifest Implementation-Title Apache Commons Lang High Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))" Low Product Manifest specification-title Apache Commons Lang Medium Product jar package name lang3 Highest Product Manifest implementation-url http://commons.apache.org/proper/commons-lang/ Low Product pom parent-artifactid commons-parent Medium Product pom url http://commons.apache.org/proper/commons-lang/ Medium Product file name commons-lang3 High Product pom name Apache Commons Lang High Product pom groupid apache.commons Highest Version pom parent-version 3.6 Low Version file version 3.6 High Version Manifest Implementation-Version 3.6 High Version pom version 3.6 Highest
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/guava/guava/15.0/guava-15.0.jar
MD5: 2c10bb2ca3ac8b55b0e77e54a7eb3744
SHA1: ed727a8d9f247e2050281cb083f1c77b09dcb5cd
SHA256: 7a34575770eebc60a5476616e3676a6cb6f2975c78c415e2a6014ac724ba5783
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor pom groupid com.google.guava Highest Vendor pom groupid google.guava Highest Vendor pom artifactid guava Low Vendor file name guava High Vendor jar package name google Highest Vendor Manifest bundle-symbolicname com.google.guava Medium Vendor pom parent-groupid com.google.guava Medium Vendor pom name Guava: Google Core Libraries for Java High Vendor pom parent-artifactid guava-parent Low Product Manifest Bundle-Name Guava: Google Core Libraries for Java Medium Product pom groupid google.guava Highest Product file name guava High Product jar package name google Highest Product Manifest bundle-symbolicname com.google.guava Medium Product pom parent-groupid com.google.guava Medium Product pom parent-artifactid guava-parent Medium Product pom name Guava: Google Core Libraries for Java High Product pom artifactid guava Highest Version pom version 15.0 Highest Version file version 15.0 High
Published Vulnerabilities CVE-2018-10237 suppress
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv2:
Base Score: MEDIUM (4.3) Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P CVSSv3:
Base Score: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H References:
CONFIRM - https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion MISC - https://www.oracle.com/security-alerts/cpujan2021.html MISC - https://www.oracle.com/security-alerts/cpujul2020.html MISC - https://www.oracle.com/security-alerts/cpuoct2021.html MLIST - [activemq-gitbox] 20190530 [GitHub] [activemq-artemis] brusdev opened a new pull request #2687: ARTEMIS-2359 Upgrade to Guava 24.1 MLIST - [activemq-issues] 20190516 [jira] [Created] (AMQ-7208) Security Issue related to Guava 18.0 MLIST - [activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar MLIST - [arrow-github] 20210610 [GitHub] [arrow] projjal opened a new pull request #10501: ARROW-13032: Update guava version MLIST - [cassandra-commits] 20190612 [jira] [Assigned] (CASSANDRA-14760) CVE-2018-10237 Security vulnerability in 3.11.3 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] davidkarlsen opened a new pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200206 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200211 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] andrei-ivanov commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] coheigea commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [cxf-dev] 20200420 [GitHub] [cxf] reta commented on a change in pull request #638: upgrade guava, CVE-2018-10237 MLIST - [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities MLIST - [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities MLIST - [flink-dev] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [flink-dev] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200806 [jira] [Created] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20200814 [jira] [Commented] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-issues] 20210212 [jira] [Closed] (FLINK-18841) CVE-2018-10237 and CWE-400 occurred in flink dependency MLIST - [flink-user] 20200806 Dependency vulnerabilities with Apache Flink 1.10.1 version MLIST - [hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [hadoop-common-dev] 20200623 Update guava to 27.0-jre in hadoop branch-2.10 MLIST - [hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project MLIST - [kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka MLIST - [lucene-issues] 20201022 [jira] [Created] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Resolved] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [lucene-issues] 20201022 [jira] [Updated] (SOLR-14960) Solr-clustering is bringing in CVE-2018-10237 vulnerable guava MLIST - [maven-issues] 20210122 [GitHub] [maven-indexer] akurtakov opened a new pull request #75: Remove guava dependency from indexer-core MLIST - [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1 MLIST - [pulsar-commits] 20210406 [GitHub] [pulsar] lhotari opened a new pull request #10149: Upgrade jclouds to 2.3.0 to fix security vulnerabilities MLIST - [samza-commits] 20210310 [GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes MLIST - [storm-issues] 20210315 [jira] [Created] (STORM-3754) Upgrade Guava version because of security vulnerability MLIST - [syncope-dev] 20200423 Re: Time to cut 2.1.6 / 2.0.15? N/A - N/A OSSINDEX - [CVE-2018-10237] Deserialization of Untrusted Data REDHAT - RHSA-2018:2423 REDHAT - RHSA-2018:2424 REDHAT - RHSA-2018:2425 REDHAT - RHSA-2018:2428 REDHAT - RHSA-2018:2598 REDHAT - RHSA-2018:2643 REDHAT - RHSA-2018:2740 REDHAT - RHSA-2018:2741 REDHAT - RHSA-2018:2742 REDHAT - RHSA-2018:2743 REDHAT - RHSA-2018:2927 REDHAT - RHSA-2019:2858 REDHAT - RHSA-2019:3149 SECTRACK - 1041707 Vulnerable Software & Versions: (show all )
CVE-2020-8908 suppress
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. CWE-732 Incorrect Permission Assignment for Critical Resource
CVSSv2:
Base Score: LOW (2.1) Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N CVSSv3:
Base Score: LOW (3.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N References:
Vulnerable Software & Versions: (show all )
Description:
Jackrabbit-specific extensions to the JCR API License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/jackrabbit/jackrabbit-api/2.16.0/jackrabbit-api-2.16.0.jar
MD5: 4f66766e7153e75726867e49781346c4
SHA1: 0bda9c9da2ca4d6fc14918ebf7b5ab1f72e5a089
SHA256: 51e881d990efef071ea6f201fce7e6c660f359faa10873106017098a506e0953
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor jar package name jackrabbit Highest Vendor jar package name apache Highest Vendor pom groupid org.apache.jackrabbit Highest Vendor pom artifactid jackrabbit-api Low Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org Low Vendor pom parent-groupid org.apache.jackrabbit Medium Vendor pom name Apache Jackrabbit API High Vendor pom groupid apache.jackrabbit Highest Vendor Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-api Medium Vendor jar package name api Highest Vendor file name jackrabbit-api High Vendor pom parent-artifactid jackrabbit-parent Low Product jar package name jackrabbit Highest Product jar package name apache Highest Product Manifest Bundle-Name Apache Jackrabbit API Medium Product pom artifactid jackrabbit-api Highest Product pom parent-artifactid jackrabbit-parent Medium Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl http://jackrabbit.apache.org Low Product pom parent-groupid org.apache.jackrabbit Medium Product pom name Apache Jackrabbit API High Product pom groupid apache.jackrabbit Highest Product Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-api Medium Product jar package name api Highest Product file name jackrabbit-api High Version file version 2.16.0 High Version pom version 2.16.0 Highest Version Manifest Bundle-Version 2.16.0 High
Related Dependencies jackrabbit-jcr-commons-2.16.0.jarFile Path: /home/runner/.m2/repository/org/apache/jackrabbit/jackrabbit-jcr-commons/2.16.0/jackrabbit-jcr-commons-2.16.0.jar MD5: 0c5f517ca6b857dc51a497d31b5b4549 SHA1: d38f9bc34aadd014de31b401b5aa6244e6ced665 SHA256: 35082c387d6903ab0a1726d8a70b659864b68ed83aa347fb6bc2803ee1c53f06 pkg:maven/org.apache.jackrabbit/jackrabbit-jcr-commons@2.16.0 Description:
The Content Repository API for JavaTM Technology Version 2.0 is specified by JSR-283.
This module contains the complete API as specified.
License:
Day Specification License: http://www.day.com/dam/day/downloads/jsr283/day-spec-license.htm
Day Specification License addendum: http://www.day.com/content/dam/day/downloads/jsr283/LICENSE.txt File Path: /home/runner/.m2/repository/javax/jcr/jcr/2.0/jcr-2.0.jar
MD5: ede5e78b16c8ed298ce0b6d296584ebd
SHA1: 08297216bcfe4aea369ed6ee0d1718133f752e97
SHA256: cbf083bc58cb88a0c19112187a4c52d3115f525b5bb7f2913635f5679e6e9743
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor file name jcr High Vendor jar package name javax Highest Vendor pom groupid javax.jcr Highest Vendor pom artifactid jcr Low Vendor jar package name repository Highest Vendor jar package name version Highest Vendor Manifest bundle-category jcr Low Vendor Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Vendor pom organization name Day Software High Vendor pom organization url http://www.day.com Medium Vendor pom name Content Repository for JavaTM Technology API High Vendor pom url http://www.jcp.org/en/jsr/detail?id=283 Highest Vendor Manifest bundle-symbolicname javax.jcr Medium Vendor jar package name jcr Highest Product file name jcr High Product jar package name javax Highest Product pom groupid javax.jcr Highest Product jar package name repository Highest Product jar package name version Highest Product Manifest bundle-category jcr Low Product Manifest bundle-docurl http://www.jcp.org/en/jsr/detail?id=283 Low Product pom url http://www.jcp.org/en/jsr/detail?id=283 Medium Product pom artifactid jcr Highest Product pom organization url http://www.day.com Low Product pom organization name Day Software Low Product pom name Content Repository for JavaTM Technology API High Product Manifest bundle-symbolicname javax.jcr Medium Product jar package name jcr Highest Product Manifest Bundle-Name Content Repository for JavaTM Technology API Medium Version pom version 2.0 Highest Version Manifest Bundle-Version 2.0 High Version file version 2.0 High
Description:
Builds an OSGi bundle for the file vault parts
License:
http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.1.44/org.apache.jackrabbit.vault-3.1.44.jar
MD5: 6fcbf022b81ce371d7c31d06d1a147ba
SHA1: 10b5306bf2432bfd8a4ec3b18007eff383985808
SHA256: 42d903a39f2b8c4003f9c58510abb049655399157cfc760540a58daf35273735
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor jar package name jackrabbit Highest Vendor Manifest provide-capability osgi.service;objectClass:List="javax.management.DynamicMBean",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.Packaging",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.PackageEventListener",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher" Low Vendor jar package name apache Highest Vendor Manifest bundle-symbolicname org.apache.jackrabbit.vault Medium Vendor pom parent-groupid org.apache.jackrabbit.vault Medium Vendor pom groupid org.apache.jackrabbit.vault Highest Vendor pom groupid apache.jackrabbit.vault Highest Vendor pom parent-artifactid parent Low Vendor Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.PackageEventListener)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.jcr.api.SlingRepository)";effective:=active;resolution:=optional,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest embedded-artifacts jackrabbit-spi-commons-2.16.1.jar;g="org.apache.jackrabbit";a="jackrabbit-spi-commons";v="2.16.1",jackrabbit-spi-2.16.1.jar;g="org.apache.jackrabbit";a="jackrabbit-spi";v="2.16.1" Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org/filevault/ Low Vendor pom name Apache Jackrabbit FileVault Core Bundle High Vendor Manifest bundle-category jackrabbit Low Vendor file name org.apache.jackrabbit.vault High Vendor jar package name vault Highest Vendor pom artifactid apache.jackrabbit.vault Low Vendor Manifest service-component OSGI-INF/org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcherImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.ActivityLog.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackageManagerMBeanImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackagingImpl.xml Low Product jar package name jackrabbit Highest Product Manifest provide-capability osgi.service;objectClass:List="javax.management.DynamicMBean",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.Packaging",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.PackageEventListener",osgi.service;objectClass:List="org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher" Low Product jar package name apache Highest Product pom parent-artifactid parent Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.vault Medium Product pom parent-groupid org.apache.jackrabbit.vault Medium Product pom artifactid apache.jackrabbit.vault Highest Product pom groupid apache.jackrabbit.vault Highest Product jar package name packaging Highest Product Manifest require-capability osgi.extender;filter:="(&(osgi.extender=osgi.component)(version>=1.3.0)(!(version>=2.0.0)))",osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.PackageEventListener)";effective:=active;resolution:=optional;cardinality:=multiple,osgi.service;filter:="(objectClass=org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcher)";effective:=active,osgi.service;filter:="(objectClass=org.apache.sling.jcr.api.SlingRepository)";effective:=active;resolution:=optional,osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest embedded-artifacts jackrabbit-spi-commons-2.16.1.jar;g="org.apache.jackrabbit";a="jackrabbit-spi-commons";v="2.16.1",jackrabbit-spi-2.16.1.jar;g="org.apache.jackrabbit";a="jackrabbit-spi";v="2.16.1" Low Product pom artifactid org.apache.jackrabbit.vault Highest Product Manifest bundle-docurl http://jackrabbit.apache.org/filevault/ Low Product pom name Apache Jackrabbit FileVault Core Bundle High Product Manifest bundle-category jackrabbit Low Product file name org.apache.jackrabbit.vault High Product jar package name vault Highest Product Manifest Bundle-Name Apache Jackrabbit FileVault Core Bundle Medium Product Manifest service-component OSGI-INF/org.apache.jackrabbit.vault.packaging.events.impl.PackageEventDispatcherImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.ActivityLog.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackageManagerMBeanImpl.xml,OSGI-INF/org.apache.jackrabbit.vault.packaging.impl.PackagingImpl.xml Low Version Manifest Bundle-Version 3.1.44 High Version pom version 3.1.44 Highest Version file version 3.1.44 High
Description:
The Apache Jackrabbit™ content repository is a fully conforming implementation of the Content Repository for Java Technology API (JCR, specified in JSR 170 and 283). A content repository is a hierarchical content store with support for structured and unstructured content, full text search, versioning, transactions, observation, and more. Apache Jackrabbit is a project of the Apache Software Foundation. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.1.44/org.apache.jackrabbit.vault-3.1.44.jar/jackrabbit-spi-2.16.1.jar
MD5: 34af186319cfc56397ae5374275b7255
SHA1: d8fa398bc1ef0d943a94c0b93bf000705fd5c13d
SHA256: 4b09b47b7fe69f12c2d9f61d9bc97a3881b140d79c22453e32e84b95edf8b006
Referenced In Project/Scope: AEM Content Package Builder:compile
Evidence Type Source Name Value Confidence Vendor file name jackrabbit-spi High Vendor jar package name jackrabbit Highest Vendor jar package name apache Highest Vendor pom artifactid jackrabbit-spi Low Vendor Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-spi Medium Vendor jar package name spi Highest Vendor Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Vendor Manifest bundle-docurl http://jackrabbit.apache.org Low Vendor pom name Jackrabbit SPI High Vendor pom parent-groupid org.apache.jackrabbit Medium Vendor pom groupid apache.jackrabbit Highest Vendor pom parent-artifactid jackrabbit-parent Low Product file name jackrabbit-spi High Product jar package name jackrabbit Highest Product jar package name apache Highest Product pom parent-artifactid jackrabbit-parent Medium Product Manifest bundle-symbolicname org.apache.jackrabbit.jackrabbit-spi Medium Product jar package name spi Highest Product Manifest require-capability osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))" Low Product Manifest bundle-docurl http://jackrabbit.apache.org Low Product pom name Jackrabbit SPI High Product pom parent-groupid org.apache.jackrabbit Medium Product pom artifactid jackrabbit-spi Highest Product Manifest Bundle-Name Jackrabbit SPI Medium Product pom groupid apache.jackrabbit Highest Version file version 2.16.1 High Version Manifest Bundle-Version 2.16.1 High Version pom version 2.16.1 Highest
Related Dependencies org.apache.jackrabbit.vault-3.1.44.jar: jackrabbit-spi-commons-2.16.1.jarFile Path: /home/runner/.m2/repository/org/apache/jackrabbit/vault/org.apache.jackrabbit.vault/3.1.44/org.apache.jackrabbit.vault-3.1.44.jar/jackrabbit-spi-commons-2.16.1.jar MD5: df7d4cc751459924e6afabd6449db6f8 SHA1: 36891f581abfa7e33b81593e0863ab47e03a3f66 SHA256: 04242b0755db906cc9ed1836167a09501e083482a74f29b208fe5c451310ce3a pkg:maven/org.apache.jackrabbit/jackrabbit-spi-commons@2.16.1