Details
- Type: Task
- Status: Resolved
- Priority: Major
- Resolution: Fixed
- Affects Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
- Fix Version/s: EE-4.3.0.GA_P06, EE-3.3.0.GA_P12
- Component/s: ACE-Components
- Labels: None
- Environment: Any
Description
The versions of jQuery and jQuery UI that we use are 1.12.4 and 1.8.24, respectively. We stopped upgrading to newer versions of these libraries years ago for a number of reasons, which include the many custom fixes that we have added to that code to work with our components and to preserve the stability that ICEfaces has offered for many years. We have also updated these libraries with security fixes for vulnerabilities that have been found. Those vulnerabilities have been reported in the following wiki article:
http://www.icesoft.org/wiki/pages/viewpage.action?pageId=16711682
This JIRA is to find any new vulnerabilities that have been reported in these libraries and to apply the respective security fixes to the custom versions that we keep of these libraries. Any new fixes should be reported in the wiki article above.
More specific details about these vulnerabilities can be found on these pages:
https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
https://stack.watch/product/jquery/
https://security.snyk.io/package/npm/jquery
https://www.cvedetails.com/vulnerability-list/vendor_id-14952/Jqueryui.html
https://stack.watch/product/jqueryui/jquery-ui/
https://security.snyk.io/package/npm/jquery-ui
More related information can be found at the following URLs:
jQuery
https://security.snyk.io/package/npm/jquery/1.12.4
https://stack.watch/product/jquery/
https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
jQuery UI
https://jqueryui.com/changelog/1.13.0/
https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
https://github.com/jquery/jquery-ui/commit/afe20b79a64266e64011f34b26a30b3d1c62fd47
https://stack.watch/product/jqueryui/jquery-ui/
https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-1767175
https://www.cvedetails.com/vulnerability-list/vendor_id-14952/Jqueryui.html