Velocity jar in smartclient SmartClient_v121p_2024-10-20_Enterprise - SmartClient Forums

You need to login (link above) before you can post. If you do not yet have an account, please register.

X

b2bidev

Registered Developer

Join Date: Sep 2024

Posts: 2
#1

Velocity jar in smartclient SmartClient_v121p_2024-10-20_Enterprise

21 Mar 2025, 08:11

Hi,

We are using SmartClient_v121p_2024-10-20_Enterprise. It uses velocity 1.7 jar which has lot of security vulnerabilities. Is smartclient affected by these vulnerabilities? If yes, are you planning to upgrade to velocity engine core 2.4.1 version where all these vulnerabilities are addressed?
If not what is the solution? can we change the velocity 1.7 dependency to velocity engine core 2.4.1, will smartclient work?
Thanks,

Last edited by b2bidev; 21 Mar 2025, 08:13.
Tags: None
Isomorphic

Administrator

Join Date: May 2006

Posts: 54840
#2

21 Mar 2025, 08:54

Velocity's vulnerabilities have never created vulnerabilities in SmartClient. The latest versions already use a patched version of Velocity that doesn't have those vulnerabilities.
Comment
b2bidev

Registered Developer

Join Date: Sep 2024

Posts: 2
#3

23 Mar 2025, 22:53

thank you
Comment

Previous template Next

Working...