[ImageToolbox] Image toolbox in combination with vulnerability ImageMagick
Question
Forge component by João Quitério

In OutSystems 10 I'm using this nice Forge component ImageToolbox for resizing my images. I'm using the latest v1.2 version which should have that ImageTragick security vulnerability covered, according to the description on the Forge page.

However, any version I download, including the OS11 v2.1, the description of the component says 'This extension wraps some of the tools available in the open source image manipulation suite ImageMagick (version 6.9.0)'. The vulnerability is solved in ImageMagick version 7 and this description might need to be changed (at least to help in my discussion with our security guy)?

How can we check ourselves which version of ImageMagick is really used?

1.PNG

Solution

Hi Kit Lam,


If you try to download the installed version with Integration Studio, you can get more detail information by inspecting the Extension C# Project.

By inspecting the convert.exe, you can confirm the is the 6.9.0 version

Hope this helps

Filipe Costa wrote:

Hi Kit Lam,


If you try to download the installed version with Integration Studio, you can get more detail information by inspecting the Extension C# Project.

By inspecting the convert.exe, you can confirm the is the 6.9.0 version

Hope this helps


Thanks Filipe for explaining to me how to get to the version used. I found out that we should use the latest version of ImageToolbox for OS10, since this is the only version which is showing version 7 of ImageMagick. Even the latest for OS11 is still using v6.9. So, I'm save for the vulnerabilities at this moment. Hopefully this Forge component is upgraded also at the moment we upgrade to OS11.

Community GuidelinesBe kind and respectful, give credit to the original source of content, and search for duplicates before posting.