They appear to be companies using antiquated software, and GWT being called out is a bit of a sensationalist cry by the authors. For example, they place "GWT" at the top of their chart, not "GWT 1.6/7." That is to say that not all GWT applications are vulnerable, just the really old, rot-in-place ones. They also call out SpringMVC 2.5.6, while we're rocking on 3.0.10 these days.
<https://lh3.googleusercontent.com/-QEuVOz89SWM/T3TCpy8L4uI/AAAAAAAABo0/tF2aR6T5iJ8/s1600/Selection_009.png>

The gaping omission of the article is that most such *Global 500* firms' software development is for *internal components*. At my office and most others, we don't see an internal meeting scheduling app written in GWT 1.6 as a serious issue. However, client/external-facing applications are a whole different can of beans, which have many rounds of reviews before release and continuing audits. I'd estimate only 5% of our applications are externally visible, and the real number is likely lower than that.

Another omission is that many libraries are used for testing. Such libraries are consumed at compilation/testing time and don't get pushed out into the production application. As such, they are much less likely to be maliciously exploited.

It's also why I constantly check for updates to core libraries and why all our POMs have a series of properties at the top, such as the following, so that dozens of dependencies can be upgraded in a single-character change.

    <spring.framework.version>3.0.7.RELEASE</spring.framework.version>

The real takeaway message is that Maven needs an audit feature to check your POM for known vulnerabilities, say at compile time.

Sincerely,
Joe
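An added example, not part of the original message and not an existing Maven feature: a minimal POM audit in Python that resolves version properties like the one above, compares each dependency against an advisory list, and tags test-scoped hits. The sample POM, the advisory ids and the "first fixed" thresholds are all constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample POM using the message's version-property pattern.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <spring.framework.version>3.0.7.RELEASE</spring.framework.version>
  </properties>
  <dependencies>
    <dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId>
      <version>${spring.framework.version}</version></dependency>
    <dependency><groupId>com.google.gwt</groupId><artifactId>gwt-servlet</artifactId>
      <version>1.6.4</version></dependency>
    <dependency><groupId>junit</groupId><artifactId>junit</artifactId>
      <version>4.8.2</version><scope>test</scope></dependency>
  </dependencies>
</project>"""

# Constructed advisory feed (placeholder ids and thresholds, not real advisories):
# (groupId, artifactId) -> (first fixed version, advisory id)
ADVISORIES = {
    ("org.springframework", "spring-webmvc"): ((3, 0, 6), "EXAMPLE-ADV-0001"),
    ("com.google.gwt", "gwt-servlet"): ((2, 0, 0), "EXAMPLE-ADV-0002"),
    ("junit", "junit"): ((4, 9, 0), "EXAMPLE-ADV-0003"),
}

def parse_version(text):
    # '3.0.7.RELEASE' -> (3, 0, 7); unparseable text -> (), which sorts below any fix.
    match = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(n) for n in match.group(0).split(".")) if match else ()

def audit(pom_xml, advisories=ADVISORIES):
    """Return (coordinate, version, advisory id, scope) for each affected dependency."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    findings = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        group, artifact, raw = (dep.findtext(f"m:{t}", "", NS).strip()
                                for t in ("groupId", "artifactId", "version"))
        # Resolve ${property} references so a property-managed version is checked too.
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), raw)
        scope = dep.findtext("m:scope", "compile", NS).strip()
        fixed, advisory_id = advisories.get((group, artifact), (None, None))
        if fixed and parse_version(version) < fixed:
            # Test-scoped hits stay in the report but are tagged, since they do not ship.
            findings.append((f"{group}:{artifact}", version, advisory_id, scope))
    return findings
```

Calling `audit(SAMPLE_POM)` reports the GWT and JUnit entries; lowering the single property value below the placeholder threshold makes the Spring dependency appear as well.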
