OFBiz OFBiz - Dev

[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-5744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905969#comment-14905969 ]

Jacques Le Roux commented on OFBIZ-5744:
----------------------------------------

We need to upgrade it because of another issue with specialpurpose\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js

prototypejs 1.4.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/


> We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596
> --------------------------------------------------------------------
>
>                 Key: OFBIZ-5744
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5744
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/birt
>    Affects Versions: 11.04.06, 12.04.05, 14.12.01
>            Reporter: Jacques Le Roux
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
Free forum by Nabble Edit this page