[dojo-contributors] [SECURITY] New Dojo releases, all versions 1.4 through 1.10
dojo-contributors at zetafleet.com
Mon Dec 8 14:40:35 EST 2014
Several cross-site scripting vulnerabilities have been discovered and
fixed in dojox/av, dojox/embed, and dojox/form.
These vulnerabilities only impact users that publish the dojox package.
Users that publish only the dojo and dijit packages are unaffected and
do not need to take any action.
The following new releases contain fixes for the discovered vulnerabilities:
We recommend you upgrade your Dojo packages. Alternatively, out of an
abundance of caution, you may delete the following files if you do not
use any of these components:
Dojo 1.2 and 1.3 are also impacted, but are end-of-life versions of the
Toolkit and will not receive updates for this or any other issue. Users
still running Dojo 1.2 or 1.3 should upgrade to a newer version of the
A full announcement with additional details on the vulnerability will be
published to the Dojo Toolkit blog tomorrow.
More information about the dojo-contributors