• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

Insecure Randomness security vulnerability in RoboHelp Version 2020.7.46

Explorer ,
May 03, 2022 May 03, 2022

Copy link to clipboard

Copied

Our Security team performed a Fortify SCA scan of our source code and found some security vulnerabilities relating to some of our RoboHelp files. I need help fixing this issue. Only related post I saw was a suggested patch for RH 2015. 

 

The files that are problematic are common.min.js, layout.min.js, rh.min.js, and topic.min.js. 

 

Can anyone help?

Views

688

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 07, 2022 Sep 07, 2022

Copy link to clipboard

Copied

Old files on the server is what @Amebr was pointing at in her post.

________________________________________________________

My site www.grainge.org includes many free Authoring and RoboHelp resources that may be of help.

 

Help others by clicking Correct Answer if the question is answered. Found the answer elsewhere? Share it here. "Upvote" is for useful posts.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Sep 08, 2022 Sep 08, 2022

Copy link to clipboard

Copied

LATEST

Absolutely! Thank you as always, Peter.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Sep 07, 2022 Sep 07, 2022

Copy link to clipboard

Copied

@Sleant if you have those files in your project source, it probably means that at some point someone accidentally generated the output into the source folder. Do you know if that was detected and cleaned up? If not, you might have some additional things to double-check .

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Participant ,
Sep 08, 2022 Sep 08, 2022

Copy link to clipboard

Copied

You're always right 🙂 What I didn't know was that the culprit could be from the source file (.../sourcefiles/contents/assets/js/*). I kept thinking it was the published files and folders. You're comment definitely guided me through my though process, so thank you as always.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
RoboHelp Documentation
Download Adobe RoboHelp