Posted to dev@felix.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2020/12/08 10:37:00 UTC
[jira] [Resolved] (FELIX-6366) Update to jQuery 3.5.1 and jQuery migrate 3.3.0
[ https://issues.apache.org/jira/browse/FELIX-6366?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved FELIX-6366.
-------------------------------------
Resolution: Fixed
Thanks [~abhigarg1] for the PR
> Update to jQuery 3.5.1 and jQuery migrate 3.3.0
> -----------------------------------------------
>
> Key: FELIX-6366
> URL: https://issues.apache.org/jira/browse/FELIX-6366
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Reporter: Abhishek Garg
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: webconsole-4.5.6
>
>
> jQuery versions greater than or equal to 1.0.3 and before 3.5.0 are vulnerable to CVE-2020-11023 [0].
> The webconsole currently uses jQuery 3.4.1, see [1]. jQuery >= 3.5.0 addresses this issue [https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/]
> I'd propose upgrading to jQuery 3.5.1 and jQuery migrate from 3.1.0 to 3.3.0 to address this.
>
> [0]: [https://nvd.nist.gov/vuln/detail/CVE-2020-11023#vulnCurrentDescriptionTitle]
> [1]: [https://github.com/apache/felix-dev/blob/master/webconsole/src/main/resources/res/lib/jquery-3.4.1.js]
> [2]: [https://jquery.com/upgrade-guide/3.5/]
> [3]: [https://code.jquery.com/jquery-migrate-3.3.0.js]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)