View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0026358 | mantisbt | security | public | 2019-11-15 03:03 | 2022-04-13 08:30 |
Reporter | jcamara | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 2.22.0 | ||||
Target Version | 2.23.0 | Fixed in Version | 2.23.0 | ||
Summary | 0026358: Vulnerability from library Moment.js 2.15.2 | ||||
Description | Our security department reports a pair of known vulnerabilities related with Moment.js 2.15.2 The suggestion is promoting Moment.js version as far as possible. | ||||
Tags | No tags attached. | ||||
Thanks for the heads up. Upgrading to the latest moment.js release (2.24.0 as of this writing) should not be a problem, but requires some testing. |
|
MantisBT: master 1bd17e65 2019-11-15 02:08 Details Diff |
Update moment.js library to 2.24.0 Version 2.15.2 we've been using since the introduction of Modern UI is exposed to 2 known vulnerabilities, CVE-2016-4055 and CVE-2017-18214. Fixes 0026358 |
Affected Issues 0026358 |
|
mod - core/constant_inc.php | Diff File | ||
rm - js/moment-with-locales-2.15.2.min.js | Diff | ||
add - js/moment-with-locales-2.24.0.min.js | Diff File | ||
mod - library/README.md | Diff File |