[jira] [Commented] (MESOS-10230) Please update JQuery from 3.2.1 to 3.5.0+

["Andreas Peters (Jira)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/MESOS-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17423666#comment-17423666 ] 

Andreas Peters commented on MESOS-10230:
----------------------------------------

My dry run on a server (master and agent) works well with jquery 3.6.0. Everything at the mesos ui still works. Nothing is broken, no error messages. I will build mesos to see if the build scripts missing sth. If everything is fine too, I will open a PR.

[~cf.natali] : As I know,  "mesos-site" is generated via jenkins. The source is the "mesos/site"! As I say, like I know. It does not mean I'm 100% sure. :) The website I will change later. [~pengels]  security scanner will not be affected by that. 

 

Have a nice weekend

Andreas

> Please update JQuery from 3.2.1 to 3.5.0+
> -----------------------------------------
>
>                 Key: MESOS-10230
>                 URL: https://issues.apache.org/jira/browse/MESOS-10230
>             Project: Mesos
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 1.11.0
>            Reporter: p engels
>            Priority: Minor
>
> JQuery versions between 1.2 and 3.5.0 are vulnerable to multiple cross-site-scripting vulnerabilities. More info can be found on JQuery's website:
> blog.jquery.com: [https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/]
> My organization's vulnerability scanner locates the out-of-date jquery at this url (sanitized for security reasons):
> [http://example.com:5050/assets/libs/jquery-3.2.1.min.js]
>  
> Please remove the old version of JQuery and replace it with version 3.5.0 or greater. If this is already planned for a future release, please comment on this request with the version this will be fixed in.
>  
> Keep up the good work, Apache community <3



--
This message was sent by Atlassian Jira
(v8.3.4#803005)