Wednesday, April 10, 2019

Security Vulnerability Detected in GWT Library

GWT 2.8.2:
All
All

---

##### Description
Security Vulnerability Detected in gwt-dev.jar & gwt-servlet.jar are reported by Dependency checker tool
https://jeremylong.github.io/DependencyCheck/

Below are the details -
1. Gwt-dev.jar - 
               1.1 Vulnerable version of jetty library(current version-- 9.2.14, available ) 
               1.2 Vulnerable version of commons-collections(current version - 3.2.1)
               1.3 Vulnerable version of org.apache.httpcomponents:httpclient(current version - 4.3.1)

2. Gwt-servlet.jar             
               1.1 Vulnerable version of Google Protobuf(current version - 2.5.0, available version - 3.4.0)

##### Steps to reproduce
Refer instruction from following web site.
https://jeremylong.github.io/DependencyCheck/dependency-check-ant/index.html

Is community going to update 3rd party library used by GWT to remove these Vulnerability ?

--
You received this message because you are subscribed to the Google Groups "GWT Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-web-toolkit+unsubscribe@googlegroups.com.
To post to this group, send email to google-web-toolkit@googlegroups.com.
Visit this group at https://groups.google.com/group/google-web-toolkit.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment