Does Zammad use LodashJS?


  • Used Zammad version: 6.2.0-1710415722.ca3a5152.focal
  • Used Zammad installation type: package
  • Operating system: Ubuntu 20.04
  • Browser + version:

Expected behavior:

We want to get a cyber insurance for the Zammad server and part of that process is a security analysis conducted by them.
They list LodashJS 1.8.3 as a vulnerable in their report and as high impact vulnerability.

Actual behavior:

I did not find anything about Zammad using LodashJS while searching the web.
The only thing i found was Elasticsearch using lodash but the implimented version is version 4 since around 2018 and elaticsearch is runing in version 7.17


Final Question:

Does Zammad outside of Elatic use lodash in any form?
@MrGeneration Sorry to tag you, i do not know if this is against the forum rules? But i feel like this is a question that most likely only a core team member can answer and you are the only one i know on the forum and you were always really helpfull :sweat_smile: