Adobe Experience Manager Sites & More

oscarr38307878 · 8/13/20

Hi,

As we completed some clientlibs cleanup we encountered a vulnerability issue. We realized that etc/clientlibs/foundation/jquery-ui.min.js is not quite getting minified in production. It almost looks a different file than what we have on other lower environments. We know this is an OOTB and we need it available in the publish instance.
we are using GCC compiler for js minify. No obfuscation.
I'm attaching expected file and production when access thru https://samplesite.com/etc/clientlibs/foundation/jquery-ui.min.js in the browser.

Is GCC failing to compile this AEM clientlib?

Production

production

local

oscarr38307878 · 10/20/20

So, I know it's been a while since I first had this issue, but I think it's worth sharing my discoveries. As I described before the error only occurred on higher environments. Even from the server, so that ruled out any dispatcher filters. The issue originated when creating runmode configurations for each env to be able to use debugging locally. When using GCC I also set the property htmllibmanager.minify="{Boolean}true". This automatically defaults to AEM YUI OOTB compiling tool, overriding the GCC, even when htmllibmanager.processor.js="[min:gcc]" is defined. After removing minify, GCC took over and match our other environments. To be fair, the screenshot shows that libraries were minified however the YUI does it differently. As you may already know the recommendations moving forward (AEM 6.4 and later) are to use GCC for JS compiling. So my guess is GCC may have a more effective obfuscation and/or secure process that AEM YUI. Thanks for all your time and help on this.

View solution in original post

Vijayalakshmi_S · 8/14/20

Hi @oscarr38307878,

Did you get a chance to check the error log file from PROD. Ignore, if you have already.

Can you also confirm if rest of the project specific clientlibs are minified fine and this is the only file with an issue.

Since this is happening only on PROD, check if you can get permission to enable "Debug" log for "com.adobe.granite.ui.clientlibs.impl.HtmlLibraryManagerImpl" during off business hours and remove the logger later after debugging.

arunpatidar · 8/14/20

Hi,

Do you see same behavior for other files as well? like css or other js.

If no then you should check the jsProcessor property of jquery clientlibs.

Arun Patidar

oscarr38307878 · 10/20/20

So, I know it's been a while since I first had this issue, but I think it's worth sharing my discoveries. As I described before the error only occurred on higher environments. Even from the server, so that ruled out any dispatcher filters. The issue originated when creating runmode configurations for each env to be able to use debugging locally. When using GCC I also set the property htmllibmanager.minify="{Boolean}true". This automatically defaults to AEM YUI OOTB compiling tool, overriding the GCC, even when htmllibmanager.processor.js="[min:gcc]" is defined. After removing minify, GCC took over and match our other environments. To be fair, the screenshot shows that libraries were minified however the YUI does it differently. As you may already know the recommendations moving forward (AEM 6.4 and later) are to use GCC for JS compiling. So my guess is GCC may have a more effective obfuscation and/or secure process that AEM YUI. Thanks for all your time and help on this.

Adobe Experience Manager Sites & More

jquery-ui.min.js Not getting Minified?

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe