ICEfaces / ICE-11548

Eliminate or mitigate vulnerabilities in external libraries used by ICEfaces

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
    • Component/s: Release
    • Labels:
      None
    • Environment:
      Any

      Description

      One of our customers ran a Sonatype security scan on various versions of ICEfaces binary bundles. The scan reported various vulnerabilities. However, after analyzing the report, it was observed that none of those vulnerabilities are in ICEfaces code but in external libraries that are included in the bundles. Further analysis revealed that many of those libraries don't pose a risk as long as they aren't used for purposes other than their original purpose within ICEfaces. In some other cases, newer versions of those libraries could completely eliminate the risks described in the report. This JIRA is to investigate how we can mitigate or eliminate those vulnerabilities in external libraries bundled with ICEfaces from future releases.

        Activity

        Arturo Zambrano created issue -
        Arturo Zambrano made changes -
        Field Original Value New Value
        Assignee Arturo Zambrano [ artzambrano ]
        Arturo Zambrano made changes -
        Fix Version/s EE-4.3.0.GA_P05 [ 14073 ]
        Fix Version/s EE-3.3.0.GA_P11 [ 14074 ]
        Arturo Zambrano made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Arturo Zambrano
            Reporter:
            Arturo Zambrano
          • Votes:
            0
            Watchers:
            1

            Dates

            • Created:
              Updated:
              Resolved: