- Security Updates
- Common Security Updates
- Security Issue
Contact Support
Security Advisories in Syncfusion EJ2 Controls
31 Dec 20241 minute to read
Syncfusion places the utmost priority on the security of our controls. Users can rest assured about the security of our controls, as we have implemented all necessary measures to mitigate security vulnerabilities such as cross-site scripting and insecure dependencies. To meet security standards, Syncfusion utilizes the ESLint and ESLint plugin security tools for static code analysis. Additionally, Syncfusion packages undergo software composition analysis using the SOOS security tool.
This document provides a description of the security updates available for Syncfusion Essential JS2 controls for volume release.
Security Updates
The following security updates are available for Syncfusion DocumentEditor control and are listed based on the release version.
2024 Volume 2 (v26.2.4) - July 25, 2024
This release resolves critical and moderate security vulnerabilities affecting the Syncfusion Document Editor Docker Image.
Threat:
-
ASP.NET Core Components: Multiple moderate vulnerabilities in Kestrel’s HTTP request handling could expose applications to access control issues and data leakage.
-
Npgsql: A potential SQL injection vulnerability via Protocol Message Size Overflow was detected.
-
Dynamic LINQ: Vulnerable to remote code execution via untrusted input manipulation.
Resolution:
-
Updated affected ASP.NET Core packages.
-
The Npgsql package and Dynamic LINQ have been removed, as they are no longer required, to enhance security and mitigate the risk of SQL injection attacks.
Common Security Updates
For details on common security updates related to Syncfusion products, please refer to this link. This resource provides information on the latest advisories and best practices to help ensure the security and integrity of your applications.
Security Issue
If users discover any security issues or need assistance in resolving them with Syncfusion controls, please contact us by creating a support ticket on our support site or by posting your query on Stack Overflow with the tag syncfusion-ej2.