You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@archiva.apache.org by Eric Fetzer <er...@gmail.com> on 2020/09/16 15:03:50 UTC

Archiva jQuery Version Vulnerability

Hi all!  I asked on the user forum but it seems to be unmanned.  Are you
able to instruct me on how I would upgrade the jQuery version used by
Archiva?  Security team is ready to have my hide...

Plugin Output:
  URL               : http://myMachine:8081/js/jquery-1.11.1.min.js
<http://mymachine:8081/js/jquery-1.11.1.min.js>
  Installed version : 1.11.1
  Fixed version     : 3.5.0


Thanks much!
Eric

Re: Archiva jQuery Version Vulnerability

Posted by Martin <ma...@apache.org>.

Hi Eric,

unfortunately it will not work to replace jquery with the version 3.5.0 without changing the code.
The only version that may be compatible would be: https://code.jquery.com/jquery-1.12.4.min.js
You can try to replace the file apps/archiva/js/jquery-1.11.1.min.js in the archiva installation with the above version. 
But no guarantee that this will work.
There are no plans at the time to switch to jquery >=3.5.0 version for archiva 2.x. 

Regards

Martin

Am Mittwoch, 16. September 2020, 17:03:50 CEST schrieb Eric Fetzer:
> Hi all!  I asked on the user forum but it seems to be unmanned.  Are you
> able to instruct me on how I would upgrade the jQuery version used by
> Archiva?  Security team is ready to have my hide...
> 
> Plugin Output:
>   URL               : http://myMachine:8081/js/jquery-1.11.1.min.js
> <http://mymachine:8081/js/jquery-1.11.1.min.js>
>   Installed version : 1.11.1
>   Fixed version     : 3.5.0
> 
> 
> Thanks much!
> Eric
>