Hi, this react vulnerability was found a few days ago. I checked in the xwiki-platform repository and found some react imports but not any of the affected packages.
Could someone please confirm that XWiki is not affected?
Thank you in advance!
Regards, Hisham
Hello @hal-fatish,
Thanks for asking.
While we have dependencies on React, we don’t depend on server-side React components.
Consequently, we are not vulnerable to the recently raised CVEs.
Thank you very much for the fast respond.
Have a great day!
Regards, Hisham