GLOBALEAKS
Remediating Angular JS script injection vulnerability #4450
-
|
We recently completed a penetration test for our globaleaks site, which identified a code injection vulnerability in the form of Angular JS 1.8.3 within /js/scripts.min.js As support for AngularJS is now deprecated, what is the path to remediation recommended by the Globaleaks team? We host the site on a Linux VM which, to be honest, is rarely touched due to lack of experience dealing with Linux in the team, so any guidance that can be provided would be appreciated. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Thank you @Elliot-12345 Actually GlobaLeaks since version 5.0.0 has deprecated using AngularJS and is using Angular. I consider you might be using an outdated software version. To resolve you just need to update to the latest software version. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @evilaliv3, Thank you for your reply and clarification. Just to confirm, would you suggest the most appropriate update method being the "Regular update" method described in the article here: https://docs.globaleaks.org/en/stable/user/admin/UpgradeGuide.html#regular-update Or would there be a more in-depth process to follow if it has been a long time since it was last updated? Regards, Elliot |
Beta Was this translation helpful? Give feedback.
-
|
You can update with a regular update since the software includes all the needed migrations. The only aspects that might require some manual adjustments, if you have used a custom CSS theme, is to update the theme since the software is now using boostrap 5 in place of boostrap 4 |
Beta Was this translation helpful? Give feedback.
Thank you @Elliot-12345
Actually GlobaLeaks since version 5.0.0 has deprecated using AngularJS and is using Angular.
I consider you might be using an outdated software version.
To resolve you just need to update to the latest software version.