Vulnerable jar velocity-1.7.jar in SmartClient_v121p_2024-10-20_Enterprise - SmartClient Forums

You need to login (link above) before you can post. If you do not yet have an account, please register.

X

cs2000xli

Registered Developer

Join Date: Feb 2018

Posts: 1
#1

Vulnerable jar velocity-1.7.jar in SmartClient_v121p_2024-10-20_Enterprise

6 May 2025, 14:01

There is security vulnerability CVE-2020-13936 in velocity-1.7.jar.
1. Does SmartClient venerable? If this is not vulnerable, can you explain why?
2. According to IBM security policy, we must remove the vulnerable jar even the product is not vulnerable. Is there a new version of SmartClient without this vulnerable jar?
Tags: None
b2bidev

Registered Developer

Join Date: Sep 2024

Posts: 3
#2

Yesterday, 03:42

I need the answer urgently. Please reply
Comment
claudiobosticco

Registered Developer

Join Date: Sep 2008

Posts: 3285
#3

Yesterday, 04:44

Hello, see this post: https://forums.smartclient.com/forum...-vulnerability
Comment

Previous template Next

Working...

X