Listing of Extensions Vulnerabilities

Last modified by Manuel Leduc on 2023/06/19 17:33

A security vulnerabilities section is now available in the administration. This section present the state of the known vulnerabilities of extensions installed on the wiki.

This list is filled based on a periodic scan (running every 24h by default), and uses https://osv.dev/ as its vulnerability database.

Warning

Please note that the list does not include all extensions for now. Extensions that can't be upgraded through the extension manager are not included.

Therefore, do not consider a instance as exempt of know security issues if the list is empty. See our Security Policy to know more about our security practices.

Information

The vulnerabilities presented in the screenshots are based on outdated extensions versions and does not represent the state of an up to date XWiki instance.
They are here to show what the UI looks like with known vulnerabilities listed.

Get Connected