See this thread - https://forums.adobe.com/message/5388554#5388554 and others like it.
You need to identify the specific issue your security audit is freaking out about and check to see if any changes have been made in newer versions of RH. If there haven’t been any changes, you need to contact Adobe Tech Support with your specific concerns.
Yeah, I've seen that thread and for that vulnerability, there is a simple work-around.
But recently, a scan has highlighted these lines as vulnerabilities:
In the whphost.js file:
37 this.show = function(bShow)
83 this.load = function()
88 var strFile = _getFullPath(getPath(), this.msComFile);
94 var sHTML = "<IFRAME ID=" ...;
98 sHTML += "100%; height:100%;\"></IFRAME>";
166 for (var s = 0; s < this.maCom.length; s++)
204 function getPath()
208 gsPath = location.href;
213 return gsPath;
In the whutils.js file:
92 function _getHost(sPath)
103 return sPath;
106 function _getFullPath(sPath, sRelPath)
111 return _getHost(sPath) + sRelPath;
This is starting to look too complicated for a simple work-around.
How would I check to see if these are handled in any versions 10 or 11?
I’d find a non-production machine and download a trial copy, then have a look at the template js files you’re interested in. Have you investigated the HTML5 output to see if it satisfy your security guys?