BBPMC-554 Do these vulnerabilities still exist for Bonita 7.11?

Submitted by rlatagan on Thu, 12/10/2020 - 04:29
1
0
-1

I wanted to ask if these vulnerabilities:

jquery-ui-1.10.3 (https://snyk.io/vuln/npm:jquery-ui:20160721)
jquery-1.6.4 (https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235563/Jquery-Jquery-1.6.4.html)
angularjs-1.4.5 (https://snyk.io/test/npm/angular/1.4.5?severity=high&severity=medium&severity=low)
plupload-1.2.1

still exist in the latest version of Bonita (7.11).

I am currently using the Bonita Platform 7.10.4. Will migrating to 7.11 fix these problem? The issue has not been resolved yet, I'm not sure what the status Validated means.

troubleshooting
Security
1 answer

Submitted by delphine.coille on Thu, 12/10/2020 - 15:05
1
+1
-1
This one is the BEST answer!

Hello,

Here is the latest update on this issue:

Bonita Portal is being transformed into Bonita Applications since 7.10. When Bonita Applications are ready, Bonita Portal will be removed there will no longer have dependencies on jquery libraries.

Developers and users will have to stop using the Portal and start using Bonita Applications instead. This change will allow Bonita and its users to get free from Google Web Toolkit (GWT) technology and offer opportunities for customization. Indeed, some Portal pages (built with GWT) are being totally recreated with our own UI Designer. They will be customizable. Other pages (those that were already using another technology than GWT) are being wrapped and will not be customizable.

Pages which have already been created:

  • User Portal tasklist and process list, Case list, included in a Bonita user application available from Bonita Studio (7.10 and further)

  • Administrator Portal pages except Analytics page included in an Admin user application available from Bonita Studio as well (7.12 to be released in january 2021).

The Administrator Portal in GWT is currently still available but deprecated and will be removed in future versions.

Moreover, some dependencies have been updated in 7.12: https://documentation.bonitasoft.com/bonita/7.12/portal-js-dependencies.

Therefore, as our next version is going to be release very soon I advise you to wait until 7.12 is released and migrated preferably to this version.

Comments

Submitted by rlatagan on Thu, 12/10/2020 - 18:16

By Bonita Applications, do you mean the Administration Tab under the Administrator Dashboard? So that means tasks will not be done in the Bonita Portal anymore, but through the use of Bonita Applications (with the use of the User Portal tasklist, process list, and caselist)?

Thank you very much for your very detailed answer.

Permalink
Submitted by delphine.coille on Fri, 12/11/2020 - 11:31

Both applications are a set of pages and artefacts (case list, process list, organization, etc), part of which are developped with UI Designer and customizable, replicating Bonita Portal.

They are available directly from Bonita Studio welcome page as any example (see image below) and will be deployed as any living application. indeed the goal is to replace progressively Bonita portal in GWT with those user or administrator applications.

Permalink
Notifications