View Issue Details

ID: 0026357
Project: mantisbt
Category: security
View Status: public
Last Update: 2021-11-22 12:10
Reporter: jcamara
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version: 2.22.0
Summary: 0026357: Vulnerability from library JQuery 2.2.4
Description

Our security department reports a pair of known vulnerabilities related to JQuery 2.2.4:

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286394/Jquery-Jquery-2.2.4.html

The suggestion is promoting JQuery version as far as possible.

Tags: No tags attached.

Relationships

related to 0021214 (closed, community): Update jQuery to 2.2.4
has duplicate 0026384 (closed, dregad): Outdated jquery and bootstrap copies with known vulnerabilities
has duplicate 0029305 (resolved, dregad): Vulnerability in JQuery 2.2.4 Library

Activities

dregad

2019-11-15 03:20

developer   ~0063096

Thanks for the report.

Unfortunately, we are currently on the latest jQuery 2.x release, which is no longer receiving patches. Upgrading to 3.x is not a small undertaking, considering the number of breaking changes, and would require extensive testing to ensure full compatibility; sadly we do not have the bandwidth for taking this on at the moment.

Contributions are welcome.