-
Velocity's vulnerabilities have never created vulnerabilities in SmartClient. The latest versions already use a patched version of Velocity that doesn't have those vulnerabilities.Leave a comment:
-
Velocity jar in smartclient SmartClient_v121p_2024-10-20_Enterprise
Hi,
We are using SmartClient_v121p_2024-10-20_Enterprise. It uses velocity 1.7 jar which has lot of security vulnerabilities. Is smartclient affected by these vulnerabilities? If yes, are you planning to upgrade to velocity engine core 2.4.1 version where all these vulnerabilities are addressed?
If not what is the solution? can we change the velocity 1.7 dependency to velocity engine core 2.4.1, will smartclient work?
Thanks,Last edited by b2bidev; 21 Mar 2025, 08:13.
- You need to login (link above) before you can post. If you do not yet have an account, please register.
Leave a comment: