Third party security advisories
Overview
SpringSource products depend on a variety of third-party components. Not all of these components provide a list of security vulnerabilities by version. This page attempts to provide that information for the components SpringSource products depend on where it is not readily available.
Dojo
| Date | Affected versions | Description | Reference(s) |
|---|---|---|---|
| 11 March 2010 | 1.4.0 to 1.4.1 1.3.0 to 1.3.2 1.2.0 to 1.2.3 1.1.0 to 1.1.1 1.0.0 to 1.0.2 0.4.0 to 0.4.3 |
Input escaping errors, XSS, open redirects, unnecessary files | Dojo security advisory |
| 15 May 2007 | 0.4.0 to 0.4.2 | XSS | Dojo release announcement |