Urgent! Security Assessment of OutSystems mobile app

Hello,

I would appreciate your prompt response to answer this as we need to release our mobile app ASAP.

We have developed a native mobile app using OutSystems 11. Our security compliance asked us to clear these findings in order to approve the app for release. Can you please advise how I can close these findings? How can I know which plugins contain these libraries?

I am using the following plugins in the app itself:

  • CommonPlugin
  • DeeplinkMobile
  • FirebaseMobile
  • OutSystemsCharts
  • OutSystemsUI
  • (System)
  • Users
  • CryptoAPI
  • HTTPRequestHandler(System Components)

And I have 2 referenced modules in which I am using the following additional plugins:

  • LocationPlugin
  • OutSystemsSampleDataDB
  • HTTPRequestHandler



The following are the findings communicated by our Security Compliance team.

The vulnerable libraries below are used and should be upgraded to the latest versions.

jquery-ui-dialog version 1.8.24

jquery version 1.8.3

jquery version 1.11.3.min


  • Cookie without Secure Flag – Low

Please review the cookie below; if it is a sensitive cookie, protect it with the Secure flag.


Solution

Hello Maitha,

While some OutSystems components rely on older versions of jquery libraries, those libraries have been patched by OutSystems in order to remove their vulnerabilities. Thus, these findings are false positives. You can resort to this page in the documentation when you discuss these findings with your security team.

I'm not aware of the cookie, but it looks low impact (as identified by your security team) - are you able to release a first version without any action there?

Thank you, Afonso, this is helpful. I also found this article for configuring secure session cookies: https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/Upcoming_changes_in_cookie_handling_in_Google_Chrome#patch
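On the question of which plugin ships each flagged library, here is an added example (not part of the thread and not OutSystems tooling): it walks an unpacked app build, reads the version banner at the top of each `.js` file, and attributes files under a Cordova-style `plugins/<id>/` directory to that plugin. The directory layout, the plugin id `sample-plugin`, the label `(app/runtime)` and the sample files are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Version banners as they appear at the top of jQuery / jQuery UI files.
BANNERS = [
    ("jquery-ui", re.compile(r"jQuery UI(?: \w+)?(?: -)? v?(\d+\.\d+\.\d+)")),
    ("jquery", re.compile(r"jQuery (?:JavaScript Library )?v(\d+\.\d+\.\d+)")),
]

def owner_of(rel_path):
    """Assumption: plugin assets live under .../plugins/<plugin-id>/..."""
    parts = rel_path.split(os.sep)
    if "plugins" in parts[:-2]:
        return parts[parts.index("plugins") + 1]
    return "(app/runtime)"

def scan(root):
    """Return sorted (owner, library, version, relative path) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".js"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # banners sit in the first lines
            for lib, pattern in BANNERS:
                match = pattern.search(head)
                if match:
                    rel = os.path.relpath(full, root)
                    findings.append((owner_of(rel), lib, match.group(1), rel))
                    break
    return sorted(findings)

def demo():
    # Constructed sample tree; every path and file body here is made up.
    samples = {
        "www/scripts/jquery-1.8.3.js": "/*!\n * jQuery JavaScript Library v1.8.3\n */",
        "www/scripts/jquery-ui-dialog.js": "/*!\n * jQuery UI Dialog 1.8.24\n */",
        "www/plugins/sample-plugin/www/jquery.min.js": "/*! jQuery v1.11.3 | (c) */",
        "www/scripts/app.js": "console.log('no banner');",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        return scan(root)
```

The banner only reports the upstream version string; it cannot show whether a vendor has patched the file in place, which is the situation the reply above describes.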
