You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2020/04/23 06:51:48 UTC
Jquery version on 2.1.x/2.0.x
Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
version as on master? (3.4.1). It seems the existing version is vulnerable
to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
Colm.
Re: Jquery version on 2.1.x/2.0.x
Posted by Misagh Moayyed <mi...@tirasa.net>.
Tested the upgrade to jQuery 3.5.0. No issues.
--Misagh
----- Original Message -----
> From: "Francesco Chicchiriccò" <il...@apache.org>
> To: "dev" <de...@syncope.apache.org>
> Sent: Thursday, April 23, 2020 6:04:10 PM
> Subject: Re: Jquery version on 2.1.x/2.0.x
> On 23/04/20 15:31, Misagh Moayyed wrote:
>> In the same vein, I'd like to update the master branch to use jQuery 3.5.0.
>> While optional for now, this will soon (1-2 days) become a requirement for the
>> WA module to function correctly. Local testing shows that the upgrade is
>> innocuous.
>
> If the REST service docs showing at
>
> http://localhost:9080/syncope/
>
> works still fine with jQuery 3.5.0, then +1 for me to go ahead and upgrade on
> master.
>
> Console and Enduser do use jQuery via Wicket, so no issues from those.
>
> Regards.
>
>> ----- Original Message -----
>>> From: "Colm O hEigeartaigh" <co...@apache.org>
>>> To: "dev" <de...@syncope.apache.org>
>>> Sent: Thursday, April 23, 2020 12:10:28 PM
>>> Subject: Re: Jquery version on 2.1.x/2.0.x
>>> That's great, thanks!
>>>
>>> Colm.
>>>
>>> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
>>> wrote:
>>>
>>>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>>>>> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>>>>>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>>>>>> version as on master? (3.4.1). It seems the existing version is
>>>> vulnerable
>>>>>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>>>>> Hi Colm,
>>>>> I don't see issue. Let me do some local tests to confirm and I'll revert
>>>> here.
>>>>> Regards.
>>>> Found no issues, proceeded with upgrade:
>>>>
>>>> * 2_0_X:
>>>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>>>> * 2_1_X:
>>>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>>>
>>>> Regards.
>>>>
>>>> --
>>>> Francesco Chicchiriccò
>>>>
>>>> Tirasa - Open Source Excellence
>>>> http://www.tirasa.net/
>>>>
>>>> Member at The Apache Software Foundation
>>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>>> http://home.apache.org/~ilgrosso/
>>>>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
Re: Jquery version on 2.1.x/2.0.x
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 23/04/20 15:31, Misagh Moayyed wrote:
> In the same vein, I'd like to update the master branch to use jQuery 3.5.0. While optional for now, this will soon (1-2 days) become a requirement for the WA module to function correctly. Local testing shows that the upgrade is innocuous.
If the REST service docs showing at
http://localhost:9080/syncope/
works still fine with jQuery 3.5.0, then +1 for me to go ahead and upgrade on master.
Console and Enduser do use jQuery via Wicket, so no issues from those.
Regards.
> ----- Original Message -----
>> From: "Colm O hEigeartaigh" <co...@apache.org>
>> To: "dev" <de...@syncope.apache.org>
>> Sent: Thursday, April 23, 2020 12:10:28 PM
>> Subject: Re: Jquery version on 2.1.x/2.0.x
>> That's great, thanks!
>>
>> Colm.
>>
>> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
>> wrote:
>>
>>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>>>> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>>>>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>>>>> version as on master? (3.4.1). It seems the existing version is
>>> vulnerable
>>>>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>>>> Hi Colm,
>>>> I don't see issue. Let me do some local tests to confirm and I'll revert
>>> here.
>>>> Regards.
>>> Found no issues, proceeded with upgrade:
>>>
>>> * 2_0_X:
>>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>>> * 2_1_X:
>>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>>
>>> Regards.
>>>
>>> --
>>> Francesco Chicchiriccò
>>>
>>> Tirasa - Open Source Excellence
>>> http://www.tirasa.net/
>>>
>>> Member at The Apache Software Foundation
>>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>>> http://home.apache.org/~ilgrosso/
>>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Jquery version on 2.1.x/2.0.x
Posted by Misagh Moayyed <mi...@tirasa.net>.
In the same vein, I'd like to update the master branch to use jQuery 3.5.0. While optional for now, this will soon (1-2 days) become a requirement for the WA module to function correctly. Local testing shows that the upgrade is innocuous.
--Misagh
----- Original Message -----
> From: "Colm O hEigeartaigh" <co...@apache.org>
> To: "dev" <de...@syncope.apache.org>
> Sent: Thursday, April 23, 2020 12:10:28 PM
> Subject: Re: Jquery version on 2.1.x/2.0.x
> That's great, thanks!
>
> Colm.
>
> On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
> wrote:
>
>> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
>> > On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>> >> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>> >> version as on master? (3.4.1). It seems the existing version is
>> vulnerable
>> >> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
>> > Hi Colm,
>> > I don't see issue. Let me do some local tests to confirm and I'll revert
>> here.
>> >
>> > Regards.
>>
>> Found no issues, proceeded with upgrade:
>>
>> * 2_0_X:
>> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
>> * 2_1_X:
>> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>>
>> Regards.
>>
>> --
>> Francesco Chicchiriccò
>>
>> Tirasa - Open Source Excellence
>> http://www.tirasa.net/
>>
>> Member at The Apache Software Foundation
>> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
>> http://home.apache.org/~ilgrosso/
>>
Re: Jquery version on 2.1.x/2.0.x
Posted by Colm O hEigeartaigh <co...@apache.org>.
That's great, thanks!
Colm.
On Thu, Apr 23, 2020 at 8:35 AM Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 23/04/20 08:58, Francesco Chicchiriccò wrote:
> > On 23/04/20 08:51, Colm O hEigeartaigh wrote:
> >> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
> >> version as on master? (3.4.1). It seems the existing version is
> vulnerable
> >> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> > Hi Colm,
> > I don't see issue. Let me do some local tests to confirm and I'll revert
> here.
> >
> > Regards.
>
> Found no issues, proceeded with upgrade:
>
> * 2_0_X:
> https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
> * 2_1_X:
> https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>
Re: Jquery version on 2.1.x/2.0.x
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 23/04/20 08:58, Francesco Chicchiriccò wrote:
> On 23/04/20 08:51, Colm O hEigeartaigh wrote:
>> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
>> version as on master? (3.4.1). It seems the existing version is vulnerable
>> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
> Hi Colm,
> I don't see issue. Let me do some local tests to confirm and I'll revert here.
>
> Regards.
Found no issues, proceeded with upgrade:
* 2_0_X: https://github.com/apache/syncope/commit/8ec6c23498aa058860024a2940b8d3104b4be7d6
* 2_1_X: https://github.com/apache/syncope/commit/40bb5d7fe3790a5a66743d8473de0976bb2780b7
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Jquery version on 2.1.x/2.0.x
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 23/04/20 08:51, Colm O hEigeartaigh wrote:
> Is it possible to update the JQuery version on 2.1.x/2.0.x to the same
> version as on master? (3.4.1). It seems the existing version is vulnerable
> to https://nvd.nist.gov/vuln/detail/CVE-2019-11358
Hi Colm,
I don't see issue. Let me do some local tests to confirm and I'll revert here.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/