Ok I understand, I will follow your recommendations and validate it with the equipment, thank you very much for your help.

On Thursday, December 28, 2023 at 11:03:17 AM UTC-5 Colin Alworth wrote:
> I think what Frank is saying is that those linked issues all relate to the GWTTestCase tooling, which is only used for unit tests, and no reasonably-configured application will be serving GWTTestCase contents to users (and will usually only be available locally for 10s of seconds, on a randomly numbered http port). Regardless, this was fixed in the 2.5.1 release.
>
> I don't understand what you mean that your attached references indicate that the issue persists - the first message notes that it was resolved in 2.5.1-rc1 - have you confirmed that there is still an issue in some way?
>
> The gwt mailing list email (your third link) enumerates a few plausible-looking issues identified through automated tooling, and explains why these are not real issues. At the time of writing, GWT 2.8.1 was the latest release, so at least 2.8.1 will resolve all of the mentioned issues.
>
> It typically has been the policy of the GWT Project to not backport fixes, but maintain backwards compatibility whenever possible (even sometimes beyond what may seem reasonable, like continuing to support IE11 past its end-of-life date, etc). For this reason, we always advise to update to the latest GWT release, to ensure the best compatibility with other tools you are using - newer Java releases, browser updates, etc.
>
> On Tuesday, December 26, 2023 at 7:47:27 AM UTC-6 flosanlop17 wrote:
>
>> Hi Frank, I'm sorry, but I don't understand your answer, could you explain a little better, thank you!
>>
>> On Friday, December 22, 2023 at 8:15:29 AM UTC-5 Frank Hossfeld wrote:
>>
>>> you should never deploy your tests into production.
>>>
>>> flosanlop17 wrote on Thursday, December 21, 2023 at 17:52:49 UTC+1:
>>>
>>>> I am currently working on some security incidents reported in an application that uses GWT, in its version 2.5.0 according to the report for this version there are security vulnerabilities related to XSS, I was reading a little the real notes of the versions above this one for example 2.5.1 indicates that this vulnerability was fixed, but on investigation it seems that this is not the case, according to the attached references this novelty still persists.
>>>>
>>>> Continue reading the actual notes of later versions, but it's not clear if any security patches were worked on in new versions.
>>>>
>>>> Reading the forum, I notice that in version 2.8.1 a vulnerability related to XSS was also identified again.
>>>>
>>>> My question is which version then I could use that currently has these vulnerabilities fixed.
>>>>
>>>> Many thanks for your help.
>>>>
>>>> References
>>>> https://www.openwall.com/lists/oss-security/2013/08/05/3
>>>> https://www.openwall.com/lists/oss-security/2013/08/05/1
>>>> https://groups.google.com/g/google-web-toolkit/c/Tx29wSZ8SZQ
