[NXP-32822] Upgrade handlebars.js - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Do
Affects Version/s: 2021, 2023.15
Fix Version/s: 2021.x, 2023.x, 2025.x
Component/s: Distribution / Installers

Tags:
- SupCom
- nxplatform
Backlog priority:
900
Upgrade notes:

Hide

Solved with ~~NXP-32841~~

Show
Solved with NXP-32841
Sprint:
nxplatform #119
Story Points:
5

Description

Client reported the following CVE with handlebars: https://nvd.nist.gov/vuln/detail/CVE-2021-23383
It seems we use handlebars-1.0.0.js in the nuxeo-rest-api-server module. Found at this location on a Nuxeo instance: nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/skin/resources/lib

Attachments

Issue Links

is related to

NXP-32835 Upgrade underscore-min.js

Resolved

NXP-32841 Move Swagger Rest API and Automation doc to an optional marketplace

Resolved

is required by

NXP-32879 NUXEO API Documentation page did not display list of items

Resolved

Activity

People

Assignee:

Guillaume Renard

Reporter:

Nicole Peacock

Participants:

Guillaume Renard, Nicole Peacock

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2024-08-01 17:44

Updated:

2024-10-17 09:58

Resolved:

2024-08-20 09:37