version of apache velocity 1.7 vulnerability - SmartClient Forums

You need to login (link above) before you can post. If you do not yet have an account, please register.

X

ekaku

Registered Developer

Join Date: May 2021

Posts: 19
#1

version of apache velocity 1.7 vulnerability

26 May 2021, 18:35

I have a question.

apache velocity 1.7 vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-13936

I am use SmartGWT 12.1p(2121/4/8).I figured that version of smartclient is using velocity 1.7.
Will this vulnerability affect SmartGWT?

If affect is Yes, is there any plan to update to version apache velocity 2.3 recently? When will be released?
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 54588
#2

26 May 2021, 18:41

This does not apply to the SmartGWT framework, because we do not provide an ability to for untrusted end users to upload Velocity templates.
Comment
ekaku

Registered Developer

Join Date: May 2021

Posts: 19
#3

26 May 2021, 18:48

Thank you for your answer.
Comment

Previous template Next

Working...

X