Download
Abstract
Interim fix for Dojo vulnerability
Download Description
PI34238 resolves the following problem:
ERROR DESCRIPTION:
Interim fix for Dojo vulnerability.
LOCAL FIX:
If the following dojox files are present in your application, but not used in your application,
remove them from your application and then redeploy and restart your application. If you are using a Dojo custom build that contains these files, you will need to redo your custom build and verify the files below are not included in the custom build. If you are using a web server to server Dojo content statically, then you will also need to remove the files the web server as well.
dojox/av/resources/audio.swf
dojox/av/resources/video.swf
dojox/form/resources/fileuploader.swf
dojox/form/resources/uploader.swf
dojox/embed/Flash
Please note dojo development trees containing the full dojo, dijit, and dojox trees often get deployed. In these cases the above files are present ,but not used by the application and should be removed.
PROBLEM SUMMARY:
Interim fix for Dojo vulnerability
PROBLEM CONCLUSION:
Apply Interim Fix. Two fixes for two different versions of the Feature Pack for Web 2.0 and Mobile are provided below:
1.1.0.4-WS-WAS8Web2Mobile-IFPI34238 - For WebSphere Application Server V8 Feature Pack for Web 2.0 and Mobile 1.1.0.4
1.1.0.4-WS-WASWeb2Mobile-IFPI34238 - For WebSphere Application Server V7 Feature Pack for Web 2.0 and Mobile 1.1.0.4
Reminder: After installing this fix, all instances where Dojo is used must be updated. Any installed J2EE application will need to be updated, redeployed, and restarted. Static content served through a web server will need to be updated. Any Dojo custom build that pulls in these dojox files will need to be redone using the updated Web 2.0 and Mobile source Dojo source tree.
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24039512