Details
-
Type: Improvement
-
Status: Open
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
-
Fix Version/s: EE-4.3.0.GA_P06, EE-3.3.0.GA_P12
-
Component/s: Documentation
-
Labels:None
-
Environment:Any
Description
This JIRA is to review all the third-party libraries that are used by ICEfaces and to update them to newer versions that are as recent as feasible. The fact that ICEfaces uses javax.* packages, instead of the newer jakarta.* packages will be an important factor in determining how recent the newer libraries can be. The newer libraries should be thoroughly tested. Therefore, this JIRA should be completed as early as possible, in order to allow more time for testing. The main purpose of this improvement is to eliminate various vulnerabilities that some third-party libraries that we use are known to have. Those vulnerabilities don't pose a risk, as long as those third-party libraries aren't used for other purposes in an ICEfaces application other than the ones they are meant to be used by the ICEfaces framework itself, as explained in ICE-11548. However, it is best to completely eliminate those security risks and prevent those vulnerabilities from appearing in security scans. A report of all the libraries updated should be added to this JIRA, along with any relevant observations and notes, including those libraries for which we determined that it wasn't feasible to update them.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion