Project

General

Profile

Actions

Bug #10722

closed

Update jQuery to 3.5.1

Added by Logan Marchione over 4 years ago. Updated over 4 years ago.

Status:
Duplicate
Priority:
Very Low
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
07/02/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.5-p1
Affected Architecture:

Description

In bug #9407, jQuery was updated to 3.4.1.

However, jQuery 3.5.1 fixes two security issues, one of which is a cross-site scripting (XSS) vulnerability.
https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/

See the upgrade guide for 3.5.
https://jquery.com/upgrade-guide/3.5/

More info below. Can this be updated for the next release?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

Actions

Also available in: Atom PDF