New Flex SDK gems for XSS vulnerability?

11 views
Skip to first unread message

Ori

unread,
Dec 5, 2011, 9:12:12 AM12/5/11
to ProjectSprouts
Hello all,

Adobe has posted a blog entry* pointing to a XSS vulnerability in all
versions of Flex >= 3.0. They recommend updating ASAP.

Are there plans to update all of the sprout-flex4sdk-tool gems with
these new versions? Full list here of links is available in the
security bulletin.**

Thanks!
Ori


*http://blogs.adobe.com/flex/2011/12/flex-sdk-security-patch-now-
available.html
**http://kb2.adobe.com/cps/915/cpsid_91544.html

Luke Bayes

unread,
Dec 12, 2011, 2:08:52 PM12/12/11
to project...@googlegroups.com
If anyone wants to fork and update the library references with new links and hashes, I'd be happy to take the pull request and release them.

Here's the Flex 3 declaration:

And Flex 4:


Thanks!

Luke



--
You received this message because you are subscribed to the Google Groups "ProjectSprouts" group.
To post to this group, send email to project...@googlegroups.com
To unsubscribe from this group, send email to projectsprout...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/projectsprouts?hl=en

For other info you can visit our project at: http://projectsprouts.org, or on Github at: http://github.com/lukebayes/project-sprouts

Simon Gregory

unread,
Dec 15, 2011, 6:43:45 AM12/15/11
to project...@googlegroups.com
I'm keen to upgrade as well but this has been stuck on my TODO list since the release - I'd be happy for someone to beat me to it though ;)

4.6 isn't a simple switch of the sdk like prior versions as the library dependencies have been moved/re-organised so some extra time might be needed.

Cheers,
Simon


On Monday, 12 December 2011 at 19:08, Luke Bayes wrote:

> If anyone wants to fork and update the library references with new links and hashes, I'd be happy to take the pull request and release them.
>
> Here's the Flex 3 declaration:
> https://github.com/lukebayes/sprout-flashsdk/blob/master/lib/flex3.rb
>
> And Flex 4:
> https://github.com/lukebayes/sprout-flashsdk/blob/master/lib/flex4.rb
>
>
> Thanks!
>
> Luke
>
>
> On Mon, Dec 5, 2011 at 6:12 AM, Ori <rat...@gmail.com (mailto:rat...@gmail.com)> wrote:
> > Hello all,
> >
> > Adobe has posted a blog entry* pointing to a XSS vulnerability in all
> > versions of Flex >= 3.0. They recommend updating ASAP.
> >
> > Are there plans to update all of the sprout-flex4sdk-tool gems with
> > these new versions? Full list here of links is available in the
> > security bulletin.**
> >
> > Thanks!
> > Ori
> >
> >
> > *http://blogs.adobe.com/flex/2011/12/flex-sdk-security-patch-now-

> > available.html (http://blogs.adobe.com/flex/2011/12/flex-sdk-security-patch-now-
>
> available.html)


> > **http://kb2.adobe.com/cps/915/cpsid_91544.html
> >
> > --
> > You received this message because you are subscribed to the Google Groups "ProjectSprouts" group.

> > To post to this group, send email to project...@googlegroups.com (mailto:project...@googlegroups.com)
> > To unsubscribe from this group, send email to projectsprout...@googlegroups.com (mailto:projectsprout...@googlegroups.com)


> > For more options, visit this group at http://groups.google.com/group/projectsprouts?hl=en
> >
> > For other info you can visit our project at: http://projectsprouts.org, or on Github at: http://github.com/lukebayes/project-sprouts
>

> --
> You received this message because you are subscribed to the Google Groups "ProjectSprouts" group.

> To post to this group, send email to project...@googlegroups.com (mailto:project...@googlegroups.com)
> To unsubscribe from this group, send email to projectsprout...@googlegroups.com (mailto:projectsprout...@googlegroups.com)

Reply all
Reply to author
Forward
0 new messages