Posted to dev@felix.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2020/12/08 10:37:00 UTC

[jira] [Resolved] (FELIX-6366) Update to jQuery 3.5.1 and jQuery migrate 3.3.0

     [ https://issues.apache.org/jira/browse/FELIX-6366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carsten Ziegeler resolved FELIX-6366.
-------------------------------------
    Resolution: Fixed

Thanks [~abhigarg1] for the PR

> Update to jQuery 3.5.1 and jQuery migrate 3.3.0
> -----------------------------------------------
>
>                 Key: FELIX-6366
>                 URL: https://issues.apache.org/jira/browse/FELIX-6366
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>            Reporter: Abhishek Garg
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: webconsole-4.5.6
>
>
> jQuery versions greater than or equal to 1.0.3 and before 3.5.0 are vulnerable to CVE-2020-11023 [0].
> The webconsole currently uses jQuery 3.4.1, see [1]. jQuery >= 3.5.0 addresses this issue [https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/].
> I'd propose upgrading to jQuery 3.5.1 and jQuery migrate from 3.1.0 to 3.3.0 to address this.
>
> [0]: https://nvd.nist.gov/vuln/detail/CVE-2020-11023#vulnCurrentDescriptionTitle
> [1]: https://github.com/apache/felix-dev/blob/master/webconsole/src/main/resources/res/lib/jquery-3.4.1.js
> [2]: https://jquery.com/upgrade-guide/3.5/
> [3]: https://code.jquery.com/jquery-migrate-3.3.0.js


