Third Party Library Upgradation Request

Are you missing a feature? Request its implementation here.
shrinidhiha
Posts: 3
Joined: Fri May 15, 2020 2:44 pm

Post by shrinidhiha » Fri May 15, 2020 3:01 pm

We have these security vulnerabilities reported in the Require.js, Bootstrap.js and JQuery3.2.1.js files.

I need clarification on these libraries.

1. Are we using rmilter and twitter-bootstrap-bundle anywhere in the requires.js and bootstrap.js files? When the scripts were scanned by the security team, vulnerabilities were reported in these files. I am not sure whether we are using them in any version of the Oxygen-Webhelp Responsive from V20 to V22.
If so, can we upgrade these libraries as well in the V22 release, as this is a critical vulnerability?

2. jQuery 3.5.1 has already been released with the security vulnerability fix from 3.2.1 and 3.4.1. Can we have this jQuery library upgraded to 3.5.1 in the V22 release?
Please let us know of any dependencies on these third-party libraries.

The reported vulnerabilities are affecting oxygen-webhelp outputs as a whole. Can we address this at the earliest in the v22 release?

I would appreciate a prompt response to these queries.

bogdan_cercelaru
Posts: 221
Joined: Tue Jul 01, 2014 11:48 am

Re: Third Party Library Upgradation Request

Post by bogdan_cercelaru » Wed May 20, 2020 5:38 pm

Hello,

Thank you for contacting us.
We are continuously improving our product security and updating the integrated third-party libraries.
In the new version, v22.1, which was just released, we integrate the following versions:
1. RequireJS v2.3.5
2. Bootstrap v4.4.4
3. jQuery v3.4.1

As far as I know, there are no vulnerabilities found for the included versions of RequireJS and Bootstrap. We have already logged an issue in our issue tracking system to update the jQuery library to the newest version.

Please send us more details regarding the vulnerabilities reported by your security team for further investigation.

Regards,
Bogdan
Bogdan Cercelaru
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
