Pentest reports outdated JavaScript libraries used for angularjs version 1.2.26

[anandsharma04]

Our client runs Pentest against AEM environments and it has reported security vulnerablities in ACS commons code due to outdated JavaScript libraries used for angularJS : The library angularjs in version 1.2.26.

URL : /etc.clientlibs/acs-commons/clientlibs/vendor/angularjs/v1.2/all.js

• [ ] AEM Version, including Service Packs, Cumulative Fix Packs, etc: 6.5.9
• [ ] ACS AEM Commons Version: 4.10.0
• [ ] Reproducible on Latest? yes

Expected Behavior

Expected to update to latest angularJS version 1.8.x as it is current Long Term Support version - https://github.com/angular/angular.js/security/policy

Links

As per below file ACS commons is still using AngularJS v1.2.26 - https://github.com/Adobe-Consulting-Services/acs-aem-commons/blob/master/ui.apps/src/main/content/jcr_root/apps/acs-commons/clientlibs/vendor/angularjs/v1.2/angular.js

Can you suggest if there is any plan to update this vendor clientlibs to latest 1.8.x version ?

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[kwin]

Related to #2843 which is for all 3rd party libraries.