
Hi,
We are considering Power Pages as the main platform for a customer with approx. 44.000 users, and the plan is to replace the existing React-based solution, which from our point of view is too expensive for the customer to maintain.
The "react-people" have uncovered some security concerns related to Power Pages’ use of outdated third-party libraries and frameworks, which they argue Microsoft has taken too long to update.
Example:
Moment.js is a JavaScript library used for handling user input of time and date. The version of this library that is being used by Power Pages (2.24.0) has known security vulnerabilities, including ReDoS attacks and Directory Traversal. This security weakness has been known by the Power Pages community since the rebranding of the service in October of last year.
So my questions are:
1. Can Microsoft or anyone with good knowledge give us some recommendations about how this is going to be handled if someone finds a security vulnerability which might be important? Will it be acceptable to wait +3 months to get this resolved/updated?
2. Will it be possible to get Microsoft to update this by opening a support ticket?
Anyone with good knowledge of how these things work? Anyone we can talk to?
How