Sorry for deleting my former post. But, since there is too much risk of exposing a possible XSS vulnerability in ZED, we decided not to talk publicly about it. The report is on its way to security@
Comments
- Could you please keep me updated about the fix as suggested by @U01LXLJMWQ1?
  Please let me know if
  • CustomerGroup (2.6.0)
  • CustomerUserConnectorGui 1.3.0
  are fixing it for you.
- Hi there! Sorry, I switched back to our company's account and didn't recognize your request. Since we are currently not using those two packages, we removed them, hence I cannot give you a report on these two specifically. But, for the more general statement that updating packages should solve some of the major issues reported, I can confirm that part of our security reports could be closed. Nevertheless, we are still facing "DOM Based Cross-Site Scripting on Product Options and Product Sets" and "Cross-Site Scripting and Open Redirect in Referer Header" reports but "fixed" them by using a VPN - technically those vectors are still there, but behind closed curtains ... and as a bonus, if you are using the API as well, enable a rate limit service on your public LBs and harden the password policy for Zed - the default implementation is way too weak