Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22
-
shrinidhiha
- Posts: 3
- Joined: Fri May 15, 2020 2:44 pm
Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22
Has anybody gone security scanning of the Third Party Libraries used in Oxygen Webhelp v20 till V22?
Require.js, bootstrap.js and Jquery 3.2.1.js libraries are reported with Security Vulnerabilities? How are these vulnerabilities addressed and is there any dependency on Oxygen Webhelp plugin?
Can anyone give insight on this?
Thanks in advance.
Require.js, bootstrap.js and Jquery 3.2.1.js libraries are reported with Security Vulnerabilities? How are these vulnerabilities addressed and is there any dependency on Oxygen Webhelp plugin?
Can anyone give insight on this?
Thanks in advance.
-
bogdan_cercelaru
- Posts: 222
- Joined: Tue Jul 01, 2014 11:48 am
Re: Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22
Hello,
Thank you for contacting us.
Our security response policy can be found here: https://www.oxygenxml.com/security/.
We are continuously improve our product security and update the integrated third party libraries.
In the new version, v22.1 that was just released we integrate the following versions:
1. RequireJS v2.3.5
2. Bootstrap v4.4.4
3. jQuery v3.4.1
As far as I know there are no vulnerabilities found for the included version of RequireJS and Bootstrap. We already have logged an issue in our issue tracking system to update the jQuery library to the newest version.
Please send us more details regarding the vulnerabilities reported by your security team for further investigation.
Regards,
Bogdan
Thank you for contacting us.
Our security response policy can be found here: https://www.oxygenxml.com/security/.
We are continuously improve our product security and update the integrated third party libraries.
In the new version, v22.1 that was just released we integrate the following versions:
1. RequireJS v2.3.5
2. Bootstrap v4.4.4
3. jQuery v3.4.1
As far as I know there are no vulnerabilities found for the included version of RequireJS and Bootstrap. We already have logged an issue in our issue tracking system to update the jQuery library to the newest version.
Please send us more details regarding the vulnerabilities reported by your security team for further investigation.
Regards,
Bogdan
Bogdan Cercelaru
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com