[ 
https://issues.apache.org/jira/browse/GUACAMOLE-773?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17354348#comment-17354348
 ] 

Mike Jumper commented on GUACAMOLE-773:
---------------------------------------

[~kunthal], as you can see from the comments above, it is being actively worked 
on and updates are posted here when there are updates to post. Next time there 
is an update, here is where it will be.

There are no known security implications for Guacamole from any of the 
libraries being updated. It's annoying, I know, but your security tool is 
almost certainly raising false positives. If you _do_ have any specific 
concerns, please send those concerns to [email protected] and we 
can investigate accordingly.

Outside of that, just be patient. Things are being updated, things will be 
updated, and if you are watching this issue you will receive updates on those
updates.

> Update webapp dependencies to latest stable and compatible versions
> -------------------------------------------------------------------
>
>                 Key: GUACAMOLE-773
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-773
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-client
>            Reporter: dateno1
>            Assignee: Mike Jumper
>            Priority: Trivial
>             Fix For: 1.4.0
>
>
> Some of the dependencies of the Guacamole web application are quite old. 
> Assuming newer versions can be used without breaking things, these 
> dependencies should be updated.
> This issue as originally reported noted specifically that the following 
> JavaScript dependencies have newer releases:
> * angular-translate
> * angular-translate-interpolation-message-format
> * angular-translate-loader-static-files
> * Blob-polyfill
> * Datalist-polyfill
> * Lodash
> It's unlikely that the above have security implications, particularly in the 
> way they are used, but checking through them and anything else within the 
> various {{pom.xml}} would be good. Java dependencies end up bundled, as well, 
> and are far more critical.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
