By: Rivera Rivera user 13 Feb 2020 at 3:09 a.m. CST

1 Response
Rivera Rivera gravatar
jQuery 1.12.3 is used: https://server/identity/org.richfaces.resources/javax.faces.resource/org.richfaces/jquery.js This version has the following public known vulnerabilities: https://snyk.io/test/npm/jquery/1.12.3 morris.js 0.5.0 is used: https://server/identity/theme/plugins/morris/morris.min.js This version has the following public known vulnerability: https://snyk.io/test/npm/morris.js/0.5.0 **HOW TO FIX:** Update both libraries to their latest versions.

By Yuriy Movchan staff 13 Feb 2020 at 4:22 a.m. CST

Yuriy Movchan gravatar
Hi Rivera, Yes, we will remove dependencies which not allow to do this update in 4.2 version. It's High Priority [issue](https://github.com/GluuFederation/oxTrust/issues/768) for next version.