You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@syncope.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2020/04/23 06:51:48 UTC

Jquery version on 2.1.x/2.0.x

Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
version as on master? (3.4.1). It seems the existing version is vulnerable
to https://nvd.nist.gov/vuln/detail/CVE-2019-11358

Colm.

Re: Jquery version on 2.1.x/2.0.x

Posted by Misagh Moayyed <mi...@tirasa.net>.

Tested the upgrade to jQuery 3.5.0. No issues. 

--Misagh

----- Original Message -----
> From: "Francesco Chicchiriccò" <il...@apache.org>
> To: "dev" <de...@syncope.apache.org>
> Sent: Thursday, April 23, 2020 6:04:10 PM
> Subject: Re: Jquery version on 2.1.x/2.0.x

> On 23/04/20 15:31, Misagh Moayyed wrote:
>> In the same vein, I'd like to update the master branch to use jQuery 3.5.0.
>> While optional for now, this will soon (1-2 days) become a requirement for the
>> WA module to function correctly. Local testing shows that the upgrade is
>> innocuous.
> 
> If the REST service docs showing at
> 
> http://localhost:9080/syncope/
> 
> works still fine with jQuery 3.5.0, then +1 for me to go ahead and upgrade on
> master.
> 
> Console and Enduser do use jQuery via Wicket, so no issues from those.
> 
> Regards.
> 
>> ----- Original Message -----
>>> From: "Colm O hEigeartaigh" <co...@apache.org>
>>> To: "dev" <de...@syncope.apache.org>
>>> Sent: Thursday, April 23, 2020 12:10:28 PM
>>> Subject: Re: Jquery version on 2.1.x/2.0.x
>>> That's great, thanks!
>>>
>>> Colm.
>>>
>>> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
>>> wrote:
>>>
>>>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>>>>> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>>>>>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>>>>>> version as on master? (3.4.1). It seems the existing version is
>>>> vulnerable
>>>>>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>>>>> Hi Colm,
>>>>> I don't see issue. Let me do some local tests to confirm and I'll revert
>>>> here.
>>>>> Regards.
>>>> Found no issues, proceeded with upgrade:
>>>>
>>>> * 2_0_X:
>>>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>>>> * 2_1_X:
>>>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>>>
>>>> Regards.
>>>>
>>>> --
>>>> Francesco Chicchiriccò
>>>>
>>>> Tirasa - Open Source Excellence
>>>> http://www.tirasa.net/
>>>>
>>>> Member at The Apache Software Foundation
>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>> http://home.apache.org/~ilgrosso/
>>>>
> 
> --
> Francesco Chicchiriccò
> 
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
> 
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/

Re: Jquery version on 2.1.x/2.0.x

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 23/04/20 15:31, Misagh Moayyed wrote:
> In the same vein, I'd like to update the master branch to use jQuery 3.5.0. While optional for now, this will soon (1-2 days) become a requirement for the WA module to function correctly. Local testing shows that the upgrade is innocuous. 

If the REST service docs showing at

http://localhost:9080/syncope/

works still fine with jQuery 3.5.0, then +1 for me to go ahead and upgrade on master.

Console and Enduser do use jQuery via Wicket, so no issues from those.

Regards.

> ----- Original Message -----
>> From: "Colm O hEigeartaigh" <co...@apache.org>
>> To: "dev" <de...@syncope.apache.org>
>> Sent: Thursday, April 23, 2020 12:10:28 PM
>> Subject: Re: Jquery version on 2.1.x/2.0.x
>> That's great, thanks!
>>
>> Colm.
>>
>> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
>> wrote:
>>
>>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>>>> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>>>>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>>>>> version as on master? (3.4.1). It seems the existing version is
>>> vulnerable
>>>>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>>>> Hi Colm,
>>>> I don't see issue. Let me do some local tests to confirm and I'll revert
>>> here.
>>>> Regards.
>>> Found no issues, proceeded with upgrade:
>>>
>>> * 2_0_X:
>>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>>> * 2_1_X:
>>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>>
>>> Regards.
>>>
>>> --
>>> Francesco Chicchiriccò
>>>
>>> Tirasa - Open Source Excellence
>>> http://www.tirasa.net/
>>>
>>> Member at The Apache Software Foundation
>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>> http://home.apache.org/~ilgrosso/
>>>

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Jquery version on 2.1.x/2.0.x

Posted by Misagh Moayyed <mi...@tirasa.net>.

In the same vein, I'd like to update the master branch to use jQuery 3.5.0. While optional for now, this will soon (1-2 days) become a requirement for the WA module to function correctly. Local testing shows that the upgrade is innocuous. 

--Misagh

----- Original Message -----
> From: "Colm O hEigeartaigh" <co...@apache.org>
> To: "dev" <de...@syncope.apache.org>
> Sent: Thursday, April 23, 2020 12:10:28 PM
> Subject: Re: Jquery version on 2.1.x/2.0.x

> That's great, thanks!
> 
> Colm.
> 
> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
> wrote:
> 
>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>> > On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>> >> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>> >> version as on master? (3.4.1). It seems the existing version is
>> vulnerable
>> >> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>> > Hi Colm,
>> > I don't see issue. Let me do some local tests to confirm and I'll revert
>> here.
>> >
>> > Regards.
>>
>> Found no issues, proceeded with upgrade:
>>
>> * 2_0_X:
>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>> * 2_1_X:
>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>
>> Regards.
>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>

Re: Jquery version on 2.1.x/2.0.x

Posted by Colm O hEigeartaigh <co...@apache.org>.

That's great, thanks!

Colm.

On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
wrote:

> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
> > On 23/04/20 08:51, Colm O hEigeartaigh wrote:
> >> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
> >> version as on master? (3.4.1). It seems the existing version is
> vulnerable
> >> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> > Hi Colm,
> > I don't see issue. Let me do some local tests to confirm and I'll revert
> here.
> >
> > Regards.
>
> Found no issues, proceeded with upgrade:
>
> * 2_0_X:
> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
> * 2_1_X:
> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>

Re: Jquery version on 2.1.x/2.0.x

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 23/04/20 08:58, Francesco Chicchiriccò wrote:
> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>> version as on master? (3.4.1). It seems the existing version is vulnerable
>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> Hi Colm,
> I don't see issue. Let me do some local tests to confirm and I'll revert here.
>
> Regards.

Found no issues, proceeded with upgrade:

* 2_0_X: https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
* 2_1_X: https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7

Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Re: Jquery version on 2.1.x/2.0.x

Posted by Francesco Chicchiriccò <il...@apache.org>.

On 23/04/20 08:51, Colm O hEigeartaigh wrote:
> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
> version as on master? (3.4.1). It seems the existing version is vulnerable
> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358

Hi Colm,
I don't see issue. Let me do some local tests to confirm and I'll revert here.

Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/