Java libraries are vulnerable

Andrii · Juillet 12, 2023, 10:22

Hello

I saw after building open-suite-webapp v7.0.4 that the application uses vulnerable java libraries. When is the application planned to be released with newer libraries? Is it possible to update the libraries yourself?

jquery, version 1.12.4 is vulnerable: CVE-2020-11023, CVE-2020-11022, CVE-2015-925

AngularJS, version 1.4.14 is vulnerable: CVE-2019-10768, CVE-2020-7676, CVE-2019-14863

Moment.js version 2.10.3 is vulnerable: CVE-2022-24785, CVE-2017-18214, CVE-2016-4055

Underscore.js version 1.4.4 is vulnerable: CVE-2021-23358

bma-axelor · Juillet 14, 2023, 11:59

Hello,

Thank you so much for letting us know about this! We shall communicate with our team and keep you informed of any updates in a timely manner.

Regards,