
Results 21 SecureAEM issues

[![mitm_build](https://user-images.githubusercontent.com/1323708/59226671-90645200-8ba1-11e9-8ab3-39292bef99e9.jpeg)](https://infosecwriteups.com/want-to-take-over-the-java-ecosystem-all-you-need-is-a-mitm-1fc329d898fb) --- This is a security fix for a high severity vulnerability in your [Apache Maven](https://maven.apache.org/) `pom.xml` file(s). The build files indicate that this project is resolving dependencies over HTTP...

Bumps org.apache.sling.api from 2.2.0 to 2.25.4. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.sling:org.apache.sling.api&package-manager=maven&previous-version=2.2.0&new-version=2.25.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

Bumps [gson](https://github.com/google/gson) from 2.7 to 2.8.9. Release notes Sourced from gson's releases. Gson 2.8.9 Make OSGi bundle's dependency on sun.misc optional (#1993). Deprecate Gson.excluder() exposing internal Excluder class (#1986). Prevent...

dependencies

Bumps httpclient from 4.2.3 to 4.5.13. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.httpcomponents:httpclient&package-manager=maven&previous-version=4.2.3&new-version=4.5.13)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

![image](https://user-images.githubusercontent.com/9348327/54031122-1ee5c380-41ae-11e9-8598-2fae99242a27.png)

Please create some documentation of potential vulnerabilities currently checked by SecureAEM. It's worth starting a Wiki for this project.

enhancement

Please replace the two separate lists in pageContent dialog with a list of path/content pairs (multifield). PageContentTest internally works on path/content pairs (including the comparison of the lengths of the...

Refactor CrxdeLogsTest.doTest() so that it performs the "logsAvailable" check for two paths:

- /bin/crxde/logs?tail=100,
- /system/console/slinglog/tailer.txt?tail=600&name=/logs/error.log.

A typical production environment contains multiple publish instances. Please extend Secure AEM so that it is able to check multiple instances at once. The following items might need to be updated: -...

enhancement

BundlesTest.doTest() always returns true (as long as the client is able to access system/console/bundles.json). Please update BundlesTest.doTest() so that it returns false (fails) whenever there is at least one development bundle...