You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by "Jacques Le Roux (JIRA)" <ji...@apache.org> on 2015/09/24 09:54:04 UTC

[jira] [Commented] (OFBIZ-5744) We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596

    [ https://issues.apache.org/jira/browse/OFBIZ-5744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14905969#comment-14905969 ] 

Jacques Le Roux commented on OFBIZ-5744:
----------------------------------------

We need to upgrade it because of another issue with specialpurpose\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js

prototypejs 1.4.0 has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/


> We need to upgrade Birt which uses Axis 1.4 because of CVE-2014-3596
> --------------------------------------------------------------------
>
>                 Key: OFBIZ-5744
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-5744
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/birt
>    Affects Versions: 11.04.06, 12.04.05, 14.12.01
>            Reporter: Jacques Le Roux
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3596



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)