Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

Having trouble installing <oXygen/>? Got a bug to report? Post it all here.
shrinidhiha
Posts: 3
Joined: Fri May 15, 2020 2:44 pm

Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

Post by shrinidhiha » Fri May 15, 2020 2:51 pm

Has anybody gone security scanning of the Third Party Libraries used in Oxygen Webhelp v20 till V22?
Require.js, bootstrap.js and Jquery 3.2.1.js libraries are reported with Security Vulnerabilities? How are these vulnerabilities addressed and is there any dependency on Oxygen Webhelp plugin?

Can anyone give insight on this?


Thanks in advance.

bogdan_cercelaru
Posts: 221
Joined: Tue Jul 01, 2014 11:48 am

Re: Security issue reported in Third Party Libraries in OXygen Webhelp Responsive plugin from Version 20.1 till V22

Post by bogdan_cercelaru » Fri May 22, 2020 10:19 am

Hello,

Thank you for contacting us.
Our security response policy can be found here: https://www.oxygenxml.com/security/.
We are continuously improve our product security and update the integrated third party libraries.
In the new version, v22.1 that was just released we integrate the following versions:
1. RequireJS v2.3.5
2. Bootstrap v4.4.4
3. jQuery v3.4.1

As far as I know there are no vulnerabilities found for the included version of RequireJS and Bootstrap. We already have logged an issue in our issue tracking system to update the jQuery library to the newest version.

Please send us more details regarding the vulnerabilities reported by your security team for further investigation.

Regards,
Bogdan
Bogdan Cercelaru
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com

Post Reply