Details
-
Bug
-
Resolution: Fixed
-
Major
-
15.8
-
None
-
Unknown
-
N/A
-
N/A
-
Description
It claims that those vulnerabilities have nothing to do with XWiki and that it "can't be fixed by upgrading XWiki" which is not true since most of the reported vulnerabilities are from JARs located in the XWiki WAR. It actually can only be done by upgrading XWiki itself and not the extension, contrary to the other tab (which list installed extensions).
Notice ivy and commons-compress versions which are actually XWiki 15.7 versions (in XWiki 15.8 we have respectively ivy 2.5.2 and commons-compress 1.24.0).
Attachments
Issue Links
- depends on
-
XCOMMONS-2874 DefaultCoreExtensionScanner#loadEnvironmentExtension does not set extension url
- Closed