Hi Rajashekar,

Thanks for bringing this to our attention.
I committed a change upgrading dojotoolkit to version 1.16.3 on master
and 8.0.x branches. It will be available in version 8.0.5.
I am not planning to release a new 7.1.x version. We released 7.1.0
around two years ago in January 2019. A life cycle of major/minor
versions is 2 years which includes building of maintenance releases
with fixes for security and critical issues. The users of 7.1.x
versions should upgrade their brokers to the latest 8.1.x version.

Kind Regards,
Alex

[1] https://issues.apache.org/jira/browse/QPID-8511

On Tue, 9 Mar 2021 at 18:54, rhudumula <rhudum...@salesforce.com.invalid> wrote:
>
> Hi Qpid team,
>
> CVE-2020-5258 is reported against dojo-toolkit and the fix is available in
> these versions - 1.14.6 and 1.16.2. The latest Qpid Broker-J versions still
> seem to be using older dojo-toolkit versions.
> Any update on when this will be addressed? Or is it safe to just pick
> the latest dojo-toolkit version?
>
> Thanks,
> Rajashekar
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org
> For additional commands, e-mail: users-h...@qpid.apache.org
>
