Web SDK vulnerability issues for the cloned cockpit

Divya.Krishnamurthy · June 8, 2023, 9:24am

Hello,

Customer is running a security scanner in the github for cloned cockpit application, and getting critical dependabot gives multiple alerts from the c8y library. where dependabot suggest updating the c8y library to 10.18 but the latest c8y available is 10.15 for enterprise customer.Please refer attached screenshot

We would like to know how to handle these vulnerability cases.

Pawel_Rynarzewski1 · July 11, 2023, 11:54am

Hi Divya, a fix for the mentioned vulnerability will be available in 1015.0.431, so then dependabot should not need to upgrade the ng1-modules package up to 10.18.

system · January 7, 2024, 11:54am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.