Vulnerability YUI 2.9.1

Hello, I’m new to using SuiteCRM. The security area has told me that the application has vulnerabilities since it uses a somewhat old version of YUI (YUI 2.9.1), but I really don’t know how to correct it:


What is your version of SuiteCRM?

Hi, I have SuiteCRM version 7.11.20

That’s from June 2021, I wonder if there has been any update to YUI meanwhile…

Do you know in which file we can look to check the YUI version?

Hello, yes, in fact they tell us that the version is in sugar_grp1_yui.js and the path is /cache/include/javascript/sugar_grp1_yui.js

I find a YUI update in a commit earlier than that, supposedly in 7.11.16

Perhaps you can try Admin / Repair / JS Groupings (and while you’re there, any other JS repairs) and see if that gets changed.

Hi @AndresR90

Thank you for your post.

YUI 2.9.1 is a custom patched version of 2.9.0 which removes and fixes the vulnerable elements in YUI 2.9.0. As far as we are aware, YUI 2.9.0 was the last official release of YUI 2.

As such, we are not currently aware of any known issues with the version deployed within the latest versions of SuiteCRM.

However, if you are aware of any genuine security issues within the platform, please report them via the official channels as found here: Raising Issues :: SuiteCRM Documentation