Hi.
We use https://extensions.xwiki.org/xwiki/bin/view/Extension/Extension/Security/UI. We installed 15.10.13 and have nothing listed under “Extension Vulnerabilities” (a) but 10 entries under “Environment Vulnerabilities” (b). And then there is this message after clicking the notifications bell mentioning 1 extension with know vulnerability (c).
This is what I think I understood:
c)
[The number in the notifications] “is actually the number of vulnerabilities which don’t have an explanation to suggest XWiki is not actually impacted (so kind of unknown known vulnerabilities, “known” in this context just referring to the fact that they are public in the database of CVEs, but we sometimes don’t know about them ourselves yet).”
So currently I can’t do (or must not do) anything right?
a)
If there would be some entry I can update those extensions within the extension manager, if an update is provided. Will there be an entry if no update is available too? (So maybe I can de-install it necessary?)
b)
In 15.10.11 there were 12 entries with 15.10.13 there are now 10. (These 10 were already listed in 15.10.11.) Can I do something? (I don’t think so.)
Regards, Simpel
2 posts - 2 participants