[MGNLSTK-1533] Web Application Penetration Test with Acunetix tools find vulnerable Javascript library Created: 17/Jun/16  Updated: 02/Jul/18  Resolved: 02/Jul/18

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: templates
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Critical
Reporter: Mario Ravasi Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: architecture
Remaining Estimate: 20d
Time Spent: Not Specified
Original Estimate: 20d
Environment:

TOMCAT 7.0.54 - APACHE 2.2.27 - mangolia Enterprise Edition, 4.5.14


Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Some vulnerability tests with tools like Acunetix, have found a vulnerability for our www.bpm.it sites for the presence of magnolia libraries

  • jquery 1.8.3 and
  • flowplayer.
    Both libraries are provided with magnolia module STK (Standard Templating Kit). Going to update the libraries are created compatibility issues on some magnolia components supplied with STK module.
    This upgrade requires rewriting much of the site with relevant certification tests with much and much effort.

OUR request is if there are other compatible libraries that resolv the problem and allows US make NO changes to our software



 Comments   
Comment by Jan Haderka [ 02/Jul/18 ]

STK have been deprecated in September 2017. As part of this project nearing end-of-life, we are not planning to fix any of the existing issues except for the critical security issues. For more details, please consult documentation.

Generated at Mon Feb 12 07:37:29 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.