0026357: Vulnerability from library JQuery 2.2.4

ID	Project	Category	View Status	Date Submitted	Last Update

0026357	mantisbt	security	public	2019-11-15 03:00	2019-11-25 07:33

Reporter	jcamara	Assigned To
Priority	normal	Severity	minor	Reproducibility	N/A
Status	acknowledged	Resolution	open
Product Version	2.22.0

Summary	0026357: Vulnerability from library JQuery 2.2.4
Description	Our security department reports a pair of known vulnerabilities related with JQuery 2.2.4: https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286394/Jquery-Jquery-2.2.4.html The suggestion is promoting JQuery version as far as possible.
Tags	No tags attached.

dregad 2019-11-15 03:20 developer ~0063096	Thanks for the report. Unfortunately, we are currently on the latest jQuery 2.x release, which is no longer receiving patches. Upgrading to 3.x is not a small undertaking, considering the number of breaking changes, and would require extensinve testing to ensure full compatibility; sadly we do not have the bandwidth for taking this on at the moment. Contributions are welcome.

Date Modified	Username	Field	Change
2019-11-15 03:00	jcamara	New Issue
2019-11-15 03:20	dregad	Status	new => acknowledged
2019-11-15 03:20	dregad	Note Added: 0063096
2019-11-15 03:31	dregad	Relationship added	related to 0021214
2019-11-25 07:33	dregad	Relationship added	has duplicate 0026384

related to	0021214	closed	community	Update jQuery to 2.2.4
has duplicate	0026384	resolved	dregad	Outdated jquery and bootstrap copies with known vulnerabilities