This study by Aspect Security and Sonatype is making the rounds, and implies that GWT is the most-downloaded component in Maven central with security vulnerabilities:http://www.sonatype.com/
Products/Sonatype-Insight/Why- Insight/Mitigate-Security- Risks/Security-BriefI've asked, but I'm curious which GWT vulnerabilities they might be including here.
The one that comes up the most in searches for me is this (relatively ancient) GWT 1.5/1.6-era RSS/XSS vulnerability:
If they're using this one, I'm curious if their download stats only include affected versions.--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/eHOwW9yCMOQJ.
To post to this group, send email to email@example.com.
To unsubscribe from this group, send email to firstname.lastname@example.org.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
Post a Comment