[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Jacques Le Roux (JIRA) Thu, 24 Sep 2015 00:54:39 -0700

    [ 
https://issues.apache.org/jira/browse/OFBIZ-5744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905969#comment-14905969
 ]


Jacques Le Roux commented on OFBIZ-5744:
----------------------------------------

We need to upgrade it because of another issue with 
specialpurpose\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js

prototypejs 1.4.0 has known vulnerabilities: severity: high; CVE: 
CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/


> We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596
> --------------------------------------------------------------------
>
>                 Key: OFBIZ-5744
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5744
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/birt
>    Affects Versions: 11.04.06, 12.04.05, 14.12.01
>            Reporter: Jacques Le Roux
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

Reply via email to