View Issue Details

ID: 0026357
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-11-25 07:33
Reporter: jcamara
Assigned To:
Priority: normal
Severity: minor
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version: 2.22.0
Summary: 0026357: Vulnerability from library JQuery 2.2.4
Description

Our security department reports a pair of known vulnerabilities related to jQuery 2.2.4:

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286394/Jquery-Jquery-2.2.4.html

The suggestion is to promote the jQuery version as far as possible.

Tags: No tags attached.

Relationships

related to 0021214 | closed | community | Update jQuery to 2.2.4
has duplicate 0026384 | resolved | dregad | Outdated jquery and bootstrap copies with known vulnerabilities

Activities

dregad

2019-11-15 03:20

developer   ~0063096

Thanks for the report.

Unfortunately, we are currently on the latest jQuery 2.x release, which is no longer receiving patches. Upgrading to 3.x is not a small undertaking, considering the number of breaking changes, and would require extensive testing to ensure full compatibility; sadly we do not have the bandwidth for taking this on at the moment.

Contributions are welcome.

Issue History

Date Modified Username Field Change
2019-11-15 03:00 jcamara New Issue
2019-11-15 03:20 dregad Status new => acknowledged
2019-11-15 03:20 dregad Note Added: 0063096
2019-11-15 03:31 dregad Relationship added related to 0021214
2019-11-25 07:33 dregad Relationship added has duplicate 0026384