[ImageToolbox] Image toolbox in combination with vulnerability ImageMagick

Forge Component
Published on 2019-09-02 by Caio Santana Magalhães
15 votes

In OutSystems 10 I'm using this nice Forge component ImageToolbox for resizing my images. I'm using the latest v1.2 version which should have that ImageTragick security vulnerability covered, according to the description on the Forge page.

However, for any version I download, including the OS11 v2.1, the description of the component says 'This extension wraps some of the tools available in the open source image manipulation suite ImageMagick (version 6.9.0)'. The vulnerability is solved in ImageMagick version 7 and this description might need to be changed (at least to help in my discussion with our security guy)?

How can we check ourselves which version of ImageMagick is really used?

Solution

Hi Kit Lam,


If you try to download the installed version with Integration Studio, you can get more detailed information by inspecting the Extension C# Project.

By inspecting the convert.exe, you can confirm that it is the 6.9.0 version.

Hope this helps
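
One way to script the check described in the answer above, as an added example that is not part of the original thread and not the component's own code. The folder path is a hypothetical placeholder for wherever the extension's files were downloaded; `magick.exe` is included because ImageMagick 7 ships its main tool under that name.

```powershell
# Added example: inventory the ImageMagick binaries inside a downloaded extension.
# Assumption: $ExtensionRoot (hypothetical path) holds the extension's extracted files.
param(
    [string]$ExtensionRoot = 'C:\Temp\ImageToolbox'   # hypothetical path
)

# convert.exe is the binary named in the thread; magick.exe is the ImageMagick 7 tool name.
$names = 'convert.exe', 'magick.exe'

Get-ChildItem -Path $ExtensionRoot -Recurse -File -Include $names | ForEach-Object {
    $exe = $_.FullName

    # 1) Version resource stamped into the PE file (can be empty on some builds).
    $resource = $_.VersionInfo.ProductVersion

    # 2) Version banner printed by the tool itself; the first line has the
    #    form "Version: ImageMagick <major>.<minor>.<patch>-<build> ...".
    $banner = $null
    try {
        $first = & $exe -version 2>$null | Select-Object -First 1
        if ($first -match 'ImageMagick\s+(\d+\.\d+\.\d+(-\d+)?)') {
            $banner = $Matches[1]
        }
    } catch {
        $banner = "not runnable: $($_.Exception.Message)"
    }

    # 3) Hash, so the inspected file can be matched against the deployed copy.
    [pscustomobject]@{
        Path            = $exe
        ResourceVersion = $resource
        BannerVersion   = $banner
        SHA256          = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
    }
} | Format-List
```

Comparing the SHA256 value with the file on the platform server confirms that the binary you inspected is the one actually deployed, which is the evidence a security reviewer will ask for.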

Thanks Filipe for explaining to me how to get to the version used. I found out that we should use the latest version of ImageToolbox for OS10, since this is the only version which is showing version 7 of ImageMagick. Even the latest for OS11 is still using v6.9. So, I'm safe from the vulnerabilities at this moment. Hopefully this Forge component is also upgraded by the time we upgrade to OS11.