The problem is our sec scans raise red flags.
But I'll take your word and add an exception.
Thanks.
-
There is no actual security vulnerability in Velocity 1.7 given the way SmartClient uses it - the only vulnerability is if you allow untrusted end users to directly edit Velocity templates, and SmartClient never does that.
So there is no action that needs to be taken.
However, if you end up struggling with someone who doesn't understand security and insists that Velocity be upgraded, then yes, you need to upgrade to SmartClient 13+.
-
Smartclient 12 with Velocity 2.3
Hi,
We have SmartClient 12.1p_2022-10-22, which comes with Velocity 1.7. But because of security issues in that specific version of Velocity, we excluded it in the pom and added a newer version, Velocity 2.3.
But now we are getting
Code:
2023-07-05 20:39:22,727 ERROR (http-nio-8280-exec-5) [CustomIDACall] com.tnsi.serviceutils.web.servlet.CustomIDACall top-level exception
java.lang.NoSuchMethodError: org.apache.velocity.context.Context.getKeys()[Ljava/lang/Object;
    at com.isomorphic.velocity.ISCReferenceInsertionEventHandler.<init>(ISCReferenceInsertionEventHandler.java:78) ~[isomorphic-core-rpc-12.1-p20221022.jar:?]
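An added diagnostic for the error in the original post, not code from the posters or from Isomorphic: the JVM links a call on the full method descriptor, return type included, so the message `getKeys()[Ljava/lang/Object;` means the caller was compiled against a `getKeys()` returning `Object[]`. The hypothetical `LinkageCheck` class below parses a message in the format shown in the post and reports what return type the class on the current classpath declares; it assumes the older descriptor-style message format and compares by method name only.

```java
import java.lang.reflect.Method;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LinkageCheck {
    // "owner.Class.method(params)returnDescriptor", the message format shown in the post.
    private static final Pattern SIG =
        Pattern.compile("([\\w.$]+)\\.(\\w+)\\((.*?)\\)(\\S+)");
    private static final String[] PRIMITIVES =
        {"void", "boolean", "byte", "char", "short", "int", "long", "float", "double"};

    // JVM return descriptor -> the string Class.getName() returns for that type.
    static String toClassName(String d) {
        if (d.startsWith("[")) return d.replace('/', '.');
        if (d.startsWith("L")) return d.substring(1, d.length() - 1).replace('/', '.');
        int i = "VZBCSIJFD".indexOf(d);
        return i >= 0 ? PRIMITIVES[i] : d;
    }

    // Compares the return type the caller was compiled against with what the
    // classpath provides. Matches on method name only; parameters are ignored.
    static String check(String message) {
        Matcher m = SIG.matcher(message);
        if (!m.find()) return "no method descriptor found in message";
        String owner = m.group(1), name = m.group(2), wanted = toClassName(m.group(4));
        try {
            Class<?> c = Class.forName(owner, false, LinkageCheck.class.getClassLoader());
            StringBuilder out = new StringBuilder();
            for (Method method : c.getMethods()) {
                if (!method.getName().equals(name)) continue;
                String actual = method.getReturnType().getName();
                out.append(owner).append('.').append(name)
                   .append(actual.equals(wanted) ? ": match, " : ": MISMATCH, ")
                   .append("classpath declares ").append(actual)
                   .append(", caller expects ").append(wanted).append('\n');
            }
            return out.length() > 0 ? out.toString() : "no method named " + name + " on " + owner;
        } catch (ClassNotFoundException | LinkageError e) {
            return owner + " could not be loaded: " + e;
        }
    }

    public static void main(String[] args) {
        // Default input is the message from the log line in the post above.
        String msg = args.length > 0 ? args[0]
            : "org.apache.velocity.context.Context.getKeys()[Ljava/lang/Object;";
        System.out.println(check(msg));
    }
}
```

Run it with the same classpath as the deployed web application so that it inspects the Velocity jar the server actually loads.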