Missing security fix for CVE-2019-11358 #38

jbrarAdobe · 2020-03-05T18:08:21Z

Issue in help/release-notes/sp-release-notes.md

Need to add details about the security fix for CVE-2019-11358 which was fixed in SP3 as part of GRANITE-26084
Security - jQuery: Prototype Pollution Vulnerability

anujkapo · 2020-03-06T09:20:08Z

Thanks for reporting the issue. I'll follow-up with the security team. If they have already published this fix in the security bulletin, will include it in the release notes.

anujkapo · 2020-03-18T16:51:44Z

Hello, I just got a confirmation from the security team that we can include this issue in the Release Notes. I'll add and let you know once the changes are published live. Thanks!

anujkapo · 2020-03-19T19:17:27Z

Hi Jaideep,

While I was incorporating the updates, I noticed that the key highlights section for 6.5.3.0 already covers jQuery version updates:
https://docs.adobe.com/content/help/en/experience-manager-65/release-notes/service-pack/previous-hotfixes-featurepacks.html
Let me know if we need to capture more details here. Thanks!

anujkapo · 2020-03-20T18:44:15Z

Hey Jaideep, closing the issue. Let me know in case of any issues. Thanks!

anujkapo self-assigned this Mar 6, 2020

anujkapo closed this as completed Mar 20, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing security fix for CVE-2019-11358 #38

Missing security fix for CVE-2019-11358 #38

jbrarAdobe commented Mar 5, 2020

anujkapo commented Mar 6, 2020

anujkapo commented Mar 18, 2020

anujkapo commented Mar 19, 2020

anujkapo commented Mar 20, 2020

Missing security fix for CVE-2019-11358 #38

Missing security fix for CVE-2019-11358 #38

Comments

jbrarAdobe commented Mar 5, 2020

anujkapo commented Mar 6, 2020

anujkapo commented Mar 18, 2020

anujkapo commented Mar 19, 2020

anujkapo commented Mar 20, 2020