ICEfaces
  1. ICEfaces
  2. ICE-11564

Update our jQuery and jQuery UI code with new security fixes

    Details

    • Type: Task Task
    • Status: Open
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: EE-4.3.0.GA_P05, EE-3.3.0.GA_P11
    • Component/s: ACE-Components
    • Labels:
      None
    • Environment:
      Any

      Description

      The versions of jQuery and jQuery UI that we use are 1.12.4 and 1.8.24, respectively. We stopped upgrading to newer versions of these libraries years ago for a number of reasons, which include the many custom fixes that we have added to that code to work with our components and to preserve the stability that ICEfaces has offered for many years. We have also updated these libraries with security fixes for vulnerabilities that have been found. Those vulnerabilities have been reported in the following wiki article:

      http://www.icesoft.org/wiki/pages/viewpage.action?pageId=16711682

      This JIRA is to find any new vulnerabilities that have been reported in these libraries and to apply the respective security fixes to the custom versions that we keep of these libraries. Any new fixes should be reported in the wiki article above.

      More specific details about these vulnerabilities can be found on these pages:

      https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/Jquery-Jquery.html
      https://stack.watch/product/jquery/
      https://security.snyk.io/package/npm/jquery

      https://www.cvedetails.com/vulnerability-list/vendor_id-14952/Jqueryui.html
      https://stack.watch/product/jqueryui/jquery-ui/
      https://security.snyk.io/package/npm/jquery-ui

        Activity

          People

          • Assignee:
            Arturo Zambrano
            Reporter:
            Arturo Zambrano
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated: