Hi Isomorphic,
We are using SmartGWT 6.0 (Enterprise Deployment 2017-02-04).
It has been mandated for us to scan our code for vulnerabilities/flaws, and we are using Veracode for the same.
During this scan, we found close to 350 vulnerabilities in the Isomorphic packages.
Many of them relate to XSS (~90), SQL Injection (5), CRLF Injection (~40), Credentials Management (~30, in .js files), Insufficient Entropy (4), External Control of File Name or Path (~40), among others.
To be able to certify our application, we have been asked to address these vulnerabilities.
Is there a plan to address these in the nightly builds/future versions? I can provide more details (classes/line # of the offending code) if needed. Please let me know.
Thanks!