Konrad Windszus

Should be fixed again in 2.22.8.

@bpauli Can you please close this issue and set the according fix version

The parameter `repoToken` is the Coveralls Repo Token (https://github.com/trautonen/coveralls-maven-plugin/blob/8b8995e42768a25c8db6e85ede62238bf4606cb2/src/main/java/org/eluder/coveralls/maven/plugin/json/JsonWriter.java#L77 and https://docs.coveralls.io/api-introduction). But nowadays Coveralls supports tokenless authentication: https://github.com/codecov/codecov-action/issues/29#issuecomment-595288709. The coveralls-action uses this bash script to construct the API Request URL...

I think this issue is only about removing the dependency from the spotbug annotations module, not from the core in general.

Also compare with the check in https://github.com/0ang3el/aem-hacker/blob/3ce91f217b259b0b4e6abd07f56d453b0c82b46b/aem_hacker.py#L619.

@krystiannowak Thanks for the pointers. Still I would consider that an insecure default. Maybe you can somehow tweak the dispatcher to only allow `Bearer` authentication scheme (https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#authentication_schemes) or at least...

Please rather update to the most recent 1.3.4.

Please also add a reference to #676 in the commit message to autolink it.

@Vocinglero Can you share a yaml which allows us to reproduce the error?

@Vocinglero Thanks, I could reproduce. The full stack trace from the exception is as follows: ``` javax.jcr.query.InvalidQueryException: java.text.ParseException: Query:_/jcr:root/content/dam/brands/21(*)c/global-marketing/*; expected: jcr:root, /, *, @, (, . at org.apache.jackrabbit.oak.jcr.query.QueryManagerImpl.executeQuery(QueryManagerImpl.java:149) [org.apache.jackrabbit.oak-jcr:1.60.0.T20240131102219-0cde853] at...