Vulnerability Scan Results March 2022 #10978


kfrancis created
  • What is your product version? v11.1
  • What is your product type (Angular or MVC)? MVC
  • What is product framework type (.net framework or .net core)? net6.0

We're in the very end of a process that has required us to get a Privacy Impact Assessment, Threat Risk Assessment, Penetration Test and Vulnerability Scans and there are some items that we can't resolve because they are internal to this project.

1. Page.js contains an insecure version of jquery:

"/saas/js/page.min.js contains jquery 3.4.1 which has known vulnerabilities."

The main site uses 3.6.0 (latest), can page.js use that already correct version?

2. User session timeout does not work properly:

"The application does not terminate users’ sessions after session timeout; users’ sessions can be resumed without login to the (oauth provider) again."

This might just be configuration, but we're not certain where.


3 Answer(s)
  • ismcagdas created
    Support Team

    Hi @kfrancis

    For item 1, you can just upgrade the jquery version. We have already upgraded it in the latest version. For item 2, we will check it out and inform you.

  • kfrancis created

    So, page.js is bundled but from what? I'm not sure I have anything but the pre-bundled file here.

  • ismcagdas created
    Support Team

    Hi,

    By default, AspNet Zero doesn't contain any page.js file (/saas/js/page.min.js or /saas/js/page.js). I thought it is a file you or one of your teammates created. Could you check bundles.json and see if it contains an entry for page.js or page.min.js?
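
The bundles.json check suggested above can be scripted to trace the scanner finding to the file that carries the old jQuery. This is an added example, not code from the thread or from AspNet Zero; it assumes bundles.json has a `scripts` array of `{ output, input[] }` entries, and every path other than /saas/js/page.min.js is hypothetical.

```javascript
// Matches the "/*! jQuery v3.4.1 ..." license banner that minifiers preserve,
// and the multi-line banner of the unminified build.
const JQUERY_BANNER = /\/\*!\s*(?:\*\s*)?jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)/g;

// Numeric comparison of x.y.z versions: negative when a is older than b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every jQuery version whose banner appears in the given file text.
function jqueryVersionsIn(text) {
  return [...text.matchAll(JQUERY_BANNER)].map((m) => m[1]);
}

// For bundles whose output matches outputPattern, list the output and input
// files that embed a jQuery older than minVersion. Unreadable files are skipped.
function auditBundles(bundles, readFile, outputPattern, minVersion) {
  const findings = [];
  for (const bundle of bundles.scripts || []) {
    if (!outputPattern.test(bundle.output)) continue;
    for (const file of [bundle.output, ...(bundle.input || [])]) {
      for (const version of jqueryVersionsIn(readFile(file) || '')) {
        if (compareVersions(version, minVersion) < 0) {
          findings.push({ output: bundle.output, file, version });
        }
      }
    }
  }
  return findings;
}

// Constructed sample: only /saas/js/page.min.js is a path from the thread.
const sampleBundles = { scripts: [
  { output: 'wwwroot/saas/js/page.min.js',
    input: ['wwwroot/saas/vendor/jquery.min.js', 'wwwroot/saas/js/site.js'] },
  { output: 'wwwroot/js/layout-libs.min.js',
    input: ['node_modules/jquery/dist/jquery.min.js'] },
] };
const sampleFiles = {
  'wwwroot/saas/vendor/jquery.min.js': '/*! jQuery v3.4.1 | (c) JS Foundation */',
  'node_modules/jquery/dist/jquery.min.js': '/*! jQuery v3.6.0 | (c) OpenJS */',
};
console.log(auditBundles(sampleBundles, (p) => sampleFiles[p],
  /\/page(\.min)?\.js$/, '3.6.0'));
```

In a real project, pass a `readFile` that wraps `fs.readFileSync` in a try/catch and returns an empty string for missing files; a bundle built with banners stripped will not be detected by this banner match.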