Details
-
Type:
Task
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: EE-4.3.0.GA_P04, EE-3.3.0.GA_P10
-
Fix Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
-
Component/s: Release
-
Labels:None
-
Environment:Any
Description
One of our customers ran a Sonatype security scan on various versions of Icefaces binary bundles. The scan reported various vulnerabilities. However, after analyzing the report, it was observed that none of those vulnerabilities are in Icefaces code but in external libraries that are included in the bundles. Further analysis revealed that many of those libraries don't pose a risk as long as they aren't used for other purposes other than their original purpose within Icefaces. In some other cases newer versions of those libraries could completely eliminate the risks described in the report. This JIRA is to investigate how we can mitigate or eliminate those vulnerabilities in external libraries bundled with Icefaces from future releases.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Arturo Zambrano [ artzambrano ] |
| Fix Version/s | EE-4.3.0.GA_P05 [ 14073 ] | |
| Fix Version/s | EE-3.3.0.GA_P11 [ 14074 ] |
| Attachment | Analysis of the Sonatype Security Scan of Icefaces 4.3.pdf [ 25028 ] | |
| Attachment | ICEfaces-EE-4.3.0.GA_P04-bin.pdf [ 25029 ] |
| Status | Open [ 1 ] | Resolved [ 5 ] |
| Resolution | Fixed [ 1 ] |