
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid: CVE-2018-15494

Open Source Asked by Bipin Chandra on August 28, 2021

We use an older version of dojo in our product, and our upgrade to a newer version needs a lot of overhauling of the product code – which is not possible at this wee hour. But we need to get rid of this reported vulnerability – CVE-2018-15494. I found that the fix is in two of dojo's files – https://github.com/dojo/dojox/pull/283

I wanted to know if I can make the changes in my application directly? Are there any license issues?

One Answer

You don't say what licence you got the earlier version of dojo(x?) under, but the current LICENSE file says either 3BSD or Academic Free License, at your choice. Were you to choose to take the patch under 3BSD, then assuming that your product is distributed in binary-only form, your major obligation after incorporating this patch would be that

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

This does not seem to me unduly onerous for a commercial product. If you can live with that, I think that you may use the patch. That said, you may wish to take professional legal advice before betting a company on this!

Answered by MadHatter on August 28, 2021
