|
Rank: Newbie
Groups: Registered
Joined: 10/22/2019 Posts: 5
|
Hi Team,
We are using "RapidSpellWeb.jar" in our application, and when we performed a scan, we found the "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" vulnerability.
Could you please let us know whether this vulnerability has been fixed in the latest version?
Also, it would be helpful if you could share the link to download the latest JAR with the above fix.
Thanks
|
|
Rank: Advanced Member
Groups: Administrators, Registered
Joined: 8/13/2004 Posts: 2,669 Location: Canada
|
Hi Senthil, here you are https://www.dropbox.com/.../RapidSpellWeb.jar?dl=0
As a note, the cookie didn't contain anything sensitive, just user options. Thanks -your feedback is helpful to other users, thank you!
|
|
Rank: Newbie
Groups: Registered
Joined: 10/22/2019 Posts: 5
|
Thanks Jim!
If I use the latest JAR, will that vulnerability get solved?
Since we need to rescan our application.
|
|
Rank: Advanced Member
Groups: Administrators, Registered
Joined: 8/13/2004 Posts: 2,669 Location: Canada
|
Yes, assuming the scanner works properly. -your feedback is helpful to other users, thank you!
|
|
Rank: Newbie
Groups: Registered
Joined: 10/22/2019 Posts: 5
|
Thanks Jim again!
One last clarification: is RapidSpellWeb.JAR uploaded to the Maven Repository?
If so, could you please share the URL?
Thanks!
|
|
Rank: Advanced Member
Groups: Administrators, Registered
Joined: 8/13/2004 Posts: 2,669 Location: Canada
|
No, it's not in the central repository. Jim -your feedback is helpful to other users, thank you!
|
|
Rank: Newbie
Groups: Registered
Joined: 10/22/2019 Posts: 5
|
Thanks again!
Do I need to change the code as part of the JAR upgrade?
Please let me know.
Thanks!
|
|
Rank: Newbie
Groups: Registered
Joined: 10/22/2019 Posts: 5
|
Hi Jim,
When I checked the latest release version v5.2 updates, I couldn't find anything addressing the "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute" vulnerability.
Could you please advise?
New in v5.2
1) Added ability to set field labels for the dialog checker with JS mode usage, see Dialog page in the help.
2) E7 Fix browser contextmenu being shown when right clicking on error word.
3) Chrome v57 introduced an issue with INPUT (single line) text boxes being wrongly sized in height, which has been fixed.
4) Fixed issue with cursor not being visible (when first clicked) in single line text boxes in Chrome.
5) Russian translation correction.
Thanks
|
|
Rank: Advanced Member
Groups: Administrators, Registered
Joined: 8/13/2004 Posts: 2,669 Location: Canada
|
No, you shouldn't need to change your code if you are already on v5. 5.2 was released before you asked about the secure cookie issue. There is actually nothing that needs to be secure in that cookie, so it is not an urgent update. When we release 5.3 it will have the cookie fix, but like I say, it's not urgent, the patch was just to make your scanner happy. Best, Jim -your feedback is helpful to other users, thank you!
|
|
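One way to confirm before a rescan that every cookie on an HTTPS response carries the Secure attribute, as an added example that is not part of the original posts or the vendor's code. The header sample and cookie names are constructed, since the thread does not name the cookie in question.

```python
# Added example: flag Set-Cookie headers that lack the Secure attribute.
# The response headers and cookie names below are constructed for illustration.

CONSTRUCTED_RESPONSE_HEADERS = """\
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=0123456789ABCDEF; Path=/app; Secure; HttpOnly
Set-Cookie: spellOptions=ignoreCaps%3Dtrue; Path=/app
set-cookie: uiTheme=dark; Path=/; secure
Set-Cookie: notSecureAtAll=Secure; Path=/
"""


def parse_set_cookie(header_value):
    """Return (cookie_name, set_of_lowercased_attribute_names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. Only attribute names count, so a
    # cookie whose *value* happens to be "Secure" is not treated as secure.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_secure(raw_headers):
    """List names of cookies set without Secure in a raw header block."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; skip everything else,
        # including the status line, which has no colon.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(CONSTRUCTED_RESPONSE_HEADERS):
        print(f"missing Secure: {cookie}")
```

Feed it the response headers captured from the pages that load the spell checker, once with the old JAR and once with the new one, and compare the two lists.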