A couple of questions: Does anyone have details on this issue? The security bulletin and top links in Google don't describe details of the vulnerability. We are trying to determine our exposure.
Is there a continuous integration / command-line friendly way to use the patch tool? We _might_ consider cooking up our own based on the description of the air app's operation "Also note that the SWF-patching tool works by searching for a known byte sequence in a particular area of the SWF file," but we'd rather use something Adobe published. Regards, Stephen On Mon, Dec 5, 2011 at 5:42 AM, Carsten Schlipf <[email protected]>wrote: > Adobe has published a security bulletin: > http://kb2.adobe.com/cps/915/cpsid_91544.html > > *Due to a vulnerability in the Flex SDK, many Flex applications are > vulnerable to cross-site scripting (XSS) attacks, and must be patched in > order to protect user data.* > > When will updated SDKs be available in the repository? > > -- > You received this message because you are subscribed to the Google > Groups "Flex Mojos" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/flex-mojos > > http://flexmojos.sonatype.org/ > -- You received this message because you are subscribed to the Google Groups "Flex Mojos" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/flex-mojos http://flexmojos.sonatype.org/
