Details
- Type: Task
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
- Fix Version/s: EE-4.3.0.GA_P06, EE-3.3.0.GA_P12
- Component/s: ACE-Components
- Labels: None
- Environment: Any
Description
The versions of jQuery and jQuery UI that we use are 1.12.4 and 1.8.24, respectively. We stopped upgrading to newer versions of these libraries years ago for a number of reasons, which include the many custom fixes that we have added to that code to work with our components and to preserve the stability that ICEfaces has offered for many years. We have also updated these libraries with security fixes for vulnerabilities that have been found. Those vulnerabilities have been reported in the following wiki article:
http://www.icesoft.org/wiki/pages/viewpage.action?pageId=16711682
This JIRA is to find any new vulnerabilities that have been reported in these libraries and to apply the respective security fixes to the custom versions that we keep of these libraries. Any new fixes should be reported in the wiki article above.
More specific details about these vulnerabilities can be found on these pages:
https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
https://stack.watch/product/jquery/
https://security.snyk.io/package/npm/jquery
https://www.cvedetails.com/vulnerability-list/vendor_id-14952/Jqueryui.html
https://stack.watch/product/jqueryui/jquery-ui/
https://security.snyk.io/package/npm/jquery-ui
Activity
Arturo Zambrano
created issue -
Arturo Zambrano
made changes -
Field | Original Value | New Value |
---|---|---|
Fix Version/s | EE-4.3.0.GA_P06 [ 14175 ] | |
Fix Version/s | EE-3.3.0.GA_P12 [ 14176 ] |