
    Vulnerable jar velocity-1.7.jar in SmartClient_v121p_2024-10-20_Enterprise

    There is a security vulnerability, CVE-2020-13936, in velocity-1.7.jar.
    1. Is SmartClient vulnerable? If it is not vulnerable, can you explain why?
    2. According to IBM security policy, we must remove the vulnerable jar even if the product is not vulnerable. Is there a new version of SmartClient without this vulnerable jar?

    #2
    I need the answer urgently. Please reply.



      #3
      Hello, see this post: https://forums.smartclient.com/forum...-vulnerability



        #4
        I am not satisfied with the response in the previous thread: "This does not apply to the SmartGWT framework, because we do not provide an ability to for untrusted end users to upload Velocity templates." We are asking for a new version without the vulnerable jar. Some of our customers insist that the vulnerable jar should not be in the system.
