Ignition Designer 7zip Executable Version Vulnerabilities

dillon · January 22, 2025, 8:19pm

Do you think this is worth putting in a ticket with IA or jxbrowser developers?

Has anyone else experienced this?

Snippet below.... My company's Windows user policies has blocked the standalone executable for 7zip that is used to unpack the files for the chromium browser to allow you to view/edit Perspective views in the designer. This is because that version seems to be flagged due to a known exploit or vulnerability. 7zr.exe This occurred upgrading from 8.1.21 -> 8.1.42 which I then triggered a designer update. First time I had to since this Windows policy was put in place.

Luckily, I was able to just download the same designer version on my PC at home and moved the unpacked files to my cache folder myself. However, this is not favorable

Kevin.Herron · January 22, 2025, 8:22pm

We're already aware and TeamDev has already released a version of JXBrowser that updates it.

Unfortunately upgrading JXBrowser is extremely non-trivial and I don't have a timeline for when the next upgrade will happen.

dillon · January 22, 2025, 8:25pm

I figured I was not the first to experience this. Especially since my company upgraded to a version released seven months ago haha. Thanks Kevin.

Kevin.Herron · January 22, 2025, 8:26pm

FWIW, the 7z executable is only used once the first time JXBrowser starts, to unpack the libraries for whatever OS you're on, and then isn't used again.

Security software may flag it, but it's not technically a danger because it's not used again after that, and it's not being run against untrusted user input.

dillon · January 22, 2025, 8:31pm

Fine for me, means less times I have to worry about this because I know my infosec team won't accommodate