A9:2017 - Using Components with Known Vulnerabilities

Actions by GeneXus

  • GeneXus uses a set of public standard classes. You can find them here
  • GeneXus updates its dependencies on every release.
  • GeneXus fixes known vulnerabilities on its releases.

Actions by Developers

  • Upgrade to the latest GeneXus version.
  • Verify the third-party components in use against known-vulnerability databases, mailing lists, etc.
  • Check the dependencies of User Controls, Extensions, Patterns and External Objects.
    • Security Scanner helps to detect this scenario with case codes #120 & #121.
  • Update the database driver to the latest version on deploy.
  • Verify the server's software is up to date.
  • Implement security policies.
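
One way to carry out the "verify against known-vulnerability databases" action, shown as an added example that is not GeneXus code or part of the Security Scanner: a version-range check of a dependency inventory against advisory records. The component names, versions and advisory identifiers are constructed placeholders; a real check would load the inventory from the deployed application and the advisories from a vulnerability feed.

```python
# Added example: constructed inventory and advisories, not real data.
import re

def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1); a pre-release tag such as '-beta' is dropped."""
    nums = re.findall(r"\d+", text.split("-")[0])
    return tuple(int(n) for n in nums)

def pad(a, b):
    """Pad two version tuples with zeros so '1.2' compares equal to '1.2.0'."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))

def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (fixed=None means no fix yet)."""
    v = parse_version(version)
    lo, v_lo = pad(parse_version(introduced), v)
    if v_lo < lo:
        return False
    if fixed is None:
        return True
    hi, v_hi = pad(parse_version(fixed), v)
    return v_hi < hi

def audit(inventory, advisories):
    """Return (component, version, origin, advisory id, fixed version) per hit."""
    findings = []
    for name, version, origin in inventory:
        for adv in advisories:
            if adv["component"].lower() == name.lower() and is_affected(
                    version, adv["introduced"], adv["fixed"]):
                findings.append((name, version, origin, adv["id"], adv["fixed"]))
    return findings

# Constructed inventory: (component, version, where the dependency comes from).
INVENTORY = [
    ("example-json-lib", "2.9.8", "External Object"),
    ("example-json-lib", "2.10", "User Control"),
    ("example-db-driver", "8.0.11", "Database driver"),
    ("example-chart-widget", "1.4.0-beta", "Extension"),
]
# Constructed advisories with placeholder identifiers.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "component": "example-json-lib",
     "introduced": "2.0.0", "fixed": "2.10.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "component": "example-chart-widget",
     "introduced": "1.0", "fixed": None},
]

if __name__ == "__main__":
    for name, version, origin, adv_id, fixed in audit(INVENTORY, ADVISORIES):
        print(f"{name} {version} ({origin}): {adv_id}, fixed in {fixed or 'no fix yet'}")
```

Comparing versions as integer tuples rather than strings is what keeps 2.10 from sorting below 2.9.8, and the zero padding is what lets 2.10 match a fix recorded as 2.10.0.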