Re: Mirage2 Bower: Security issue
12 views
Skip to first unread message
Paul Münch
Dec 12, 2019, 7:39:41 AM12/12/19
to DSpace Technical Support
Hello everyone,
For the case that it's a known issue, please excuse this mail.
Today I noticed in the maven installation logging, while the
installation of 'bower', a link to a blog post about a security issue:
https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/.
So I updated the package configuration file
(https://github.com/DSpace/DSpace/blob/dspace-6.3/dspace-xmlui-mirage2/src/main/webapp/package.json)
to bower version 1.8.8. The installation also runs with the new version.
Kind regards,
Paul Münch
--
Philipps-Universität Marburg | UB
Digitale Dienste | Deutschhausstraße 9 | D228
Tel. +49 06421 28-24624
--
For the case that it's a known issue, please excuse this mail.
Today I noticed in the maven installation logging, while the
installation of 'bower', a link to a blog post about a security issue:
https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction/.
So I updated the package configuration file
(https://github.com/DSpace/DSpace/blob/dspace-6.3/dspace-xmlui-mirage2/src/main/webapp/package.json)
to bower version 1.8.8. The installation also runs with the new version.
Kind regards,
Paul Münch
--
Philipps-Universität Marburg | UB
Digitale Dienste | Deutschhausstraße 9 | D228
Tel. +49 06421 28-24624
--
Reply all
Reply to author
Forward
0 new messages