Menu

#63 JQuery shipped has volnerabilities

v1.0 (example)
closed-fixed
devloop
None
2
2020-12-24
2020-12-05
Michael Klemme
No

The current release 3.3 of Wapiti comes with JQuery-2.1.4.
This is known to have security issues.
https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286389/Jquery-Jquery-2.1.4.html

This could be the core reason why some distributions like Ubuntu do not ship the JS files from the release, see #60 and https://bugs.launchpad.net/ubuntu/+source/wapiti/+bug/1906934 .

Discussion

  • devloop

    devloop - 2020-12-24
    • status: open --> closed-fixed
    • assigned_to: devloop
     

  • devloop

    devloop - 2020-12-24

    Fixed with latest commit, updated Kube to latest version, it doesn't require jquery anymore

     

Log in to post a comment.