It is not clear from your documentation whether you are still relying on jszip.js for Excel exports. We have found that this library has critical security vulnerabilities that have not been addressed by the FOSS developer who created it.
Would you please let us know if the security vulnerabilities you mentioned are found in the latest version? Generally, the Kendo UI for jQuery/MVC/Core (Exporting) is compatible with JSZip 3.x starting v2023.3.1114 (R3 2023 SP1). You can upgrade to the latest JSZip version (3.10.1).
Regards,
Mihaela
Progress Telerik
This is the version of JSZip that is insecure. The random-number generator used by JSZip is vulnerable to cyberattacks and the creator of the library has not maintained it.
Mihaela
Telerik team
commented on 02 May 2024, 01:40 PM
Hello Donald,
I have found the following two issues in the JSZip repo: