Actions
Bug #10722
closed
Update jQuery to 3.5.1
Status:
Duplicate
Priority:
Very Low
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
07/02/2020
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:
Description
In bug #9407, jQuery was updated to 3.4.1.
However, jQuery 3.5.1 fixes two security issues, one of which is a cross-site scripting (XSS) vulnerability.
https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/
See the upgrade guide for 3.5.
https://jquery.com/upgrade-guide/3.5/
More info below. Can this be updated for the next release?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Updated by
Actions