Oxygen XML Forum


https://www.oxygenxml.com/forum/

Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

https://www.oxygenxml.com/forum/viewtopic.php?t=21467

Page 1 of 1

Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

Posted: Fri May 15, 2020 2:51 pm
by shrinidhiha
Has anybody gone security scanning of the Third Party Libraries used in Oxygen Webhelp v20 till V22?
Require.js, bootstrap.js and Jquery 3.2.1.js libraries are reported with Security Vulnerabilities? How are these vulnerabilities addressed and is there any dependency on Oxygen Webhelp plugin?

Can anyone give insight on this?


Thanks in advance.

Re: Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

Posted: Fri May 22, 2020 10:19 am
by bogdan_cercelaru
Hello,

Thank you for contacting us.
Our security response policy can be found here: https://www.oxygenxml.com/security/.
We are continuously improve our product security and update the integrated third party libraries.
In the new version, v22.1 that was just released we integrate the following versions:
1. RequireJS v2.3.5
2. Bootstrap v4.4.4
3. jQuery v3.4.1

As far as I know there are no vulnerabilities found for the included version of RequireJS and Bootstrap. We already have logged an issue in our issue tracking system to update the jQuery library to the newest version.

Please send us more details regarding the vulnerabilities reported by your security team for further investigation.

Regards,
Bogdan
All times are UTC+03:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited