Veracode issues with 24.6

Aspose.Total Product Family
1

We are running Veracode scan and received several Medium or less errors. with version - 24.6
I know the threads have popped up before, but they were older versions. Thank you.

aspose.cells.dll

  1. Insufficient Entropy
  2. Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
  3. Use of a Broken or Risky Cryptographic Algorithm
  4. Use of Hard-coded Cryptographic Key
  5. Improper Resource Shutdown or Release

aspose.email.dll

  1. Improper Certificate Validation
  2. Use of a Broken or Risky Cryptographic Algorithm
  3. Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
  4. Use of Hard-coded Cryptographic Key
  5. Use of a Broken or Risky Cryptographic Algorithm
  6. Insufficient Entropy
  7. Insertion of Sensitive Information Into Sent Data
  8. Improper Resource Shutdown or Release

aspose.imaging.dll

  1. Insufficient Entropy
  2. Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)
  3. Server-Side Request Forgery (SSRF)
  4. Use of a Broken or Risky Cryptographic Algorithm
  5. Generation of Error Message Containing Sensitive Information
  6. Improper Resource Shutdown or Release

aspose.pdf.dll

  1. Use of a Broken or Risky Cryptographic Algorithm
  2. External Control of File Name or Path
  3. Inadequate Encryption Strength
2

Could you please provide more specific details about the issues you are encountering with the Veracode scan? For example, are you looking for guidance on how to resolve these errors, or are you seeking information about the security practices related to the Aspose products mentioned?

3

I am looking for assurances that I can mark the Aspose issues as ‘by design’ and in fact they are not a problem.

4

@ChadAll,

Regarding Aspose.Cells, we will evaluate your mentioned Veracode issues. We have opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): CELLSNET-56399

Once we have an update on it, we will let you know here.

5

Thank you so much

6

@ChadAll,

You’re welcome. Additionally, our fellow team members will assess your mentioned issues for their respective Aspose (.NET) APIs shortly.

7

@ChadAll

Please allow us to investigate from Aspose.PDF perspective. An investigation task as PDFNET-57825 has been generated in our issue management system for the sake. We will analyze it and let you know as soon as ticket is resolved. Please be patient and spare us some time.

8

Any update? Thanks.

9

@ChadAll

We are afraid that the earlier logged ticket has not been yet resolved. It will be prioritized on a first come first serve basis and as soon as we make some progress towards its resolution, we will inform you. Please be patient and spare us some time.

10

@ChadAll,

We apologize, but the situation is the same for the ticket logged for Aspose.Cells. There is no update at the moment. Once we have any new information available, we will share it with you.