[SECURITY] Remove charts.swf to get rid of XSS vulnerability 68/30268/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Thu, 22 May 2014 07:30:56 +0000 (09:30 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:31:02 +0000 (09:31 +0200)
The file charts.swf is vulnerable to XSS, is delivered
by ExtJS but not used in TYPO3 CMS at all.

Since the vendor of ExtJS did not fix this vulnerability,
we decided to remove it from TYPO3 sources.

Change-Id: I7d81fc44294473d041c8910e04c815d91efb409f
Fixes: #54526
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: fef11509739f8bddfeba0fc6f752ac93feb16f03
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30268
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/contrib/extjs/resources/charts.swf [deleted file]

diff --git a/typo3/contrib/extjs/resources/charts.swf b/typo3/contrib/extjs/resources/charts.swf
deleted file mode 100644 (file)
index 472ca22..0000000
Binary files a/typo3/contrib/extjs/resources/charts.swf and /dev/null differ