Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-21363

The "Environment Vulnerabilities" disclaimer is not accurate

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 15.10
    • 15.8
    • Extension - Security
    • None
    • Unknown
    • N/A
    • N/A

    Description

      It claims that those vulnerabilities have nothing to do with XWiki and that it "can't be fixed by upgrading XWiki" which is not true since most of the reported vulnerabilities are from JARs located in the XWiki WAR. It actually can only be done by upgrading XWiki itself and not the extension, contrary to the other tab (which list installed extensions).

      Notice ivy and commons-compress versions which are actually XWiki 15.7 versions (in XWiki 15.8 we have respectively ivy 2.5.2 and commons-compress 1.24.0).

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. XCOMMONS-2874 DefaultCoreExtensionScanner#loadEnvironmentExtension does not set extension url

          • Major - Major loss of function.
          • Closed

          Activity

            People

              mleduc Manuel Leduc
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: