This is an automated email from the ASF dual-hosted git repository.
granthenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
The following commit(s) were added to refs/heads/master by this push:
new e29dbb2 [Web-UI] Upgrade JQuery to 3.5.1
e29dbb2 is described below
commit e29dbb23ef4fcff1dcf620016e6d497117f16375
Author: Grant Henke <[email protected]>
AuthorDate: Wed Jul 8 13:22:34 2020 -0500
[Web-UI] Upgrade JQuery to 3.5.1
Security scans of Kudu can report CVE-2020-11023 as a possible
vulnerability because Kudu uses JQuery 3.2.1 for the web UI.
Although that vulnerability is not an actual issue and cannot be
exploited in Kudu, we should still upgrade to avoid false positives
in future security scans.
https://nvd.nist.gov/vuln/detail/CVE-2020-11023
Change-Id: I3e5210d4d23b9b995e2011d32f245ed996c11db3
Reviewed-on: http://gerrit.cloudera.org:8080/16153
Tested-by: Kudu Jenkins
Reviewed-by: Andrew Wong <[email protected]>
Reviewed-by: Greg Solovyev <[email protected]>
---
build-support/release/rat_exclude_files.txt | 2 +-
src/kudu/server/webserver.cc | 2 +-
www/jquery-3.2.1.min.js | 4 ----
www/jquery-3.5.1.min.js | 2 ++
www/metrics.html | 2 +-
5 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/build-support/release/rat_exclude_files.txt
b/build-support/release/rat_exclude_files.txt
index c5075aa..ac7746f 100644
--- a/build-support/release/rat_exclude_files.txt
+++ b/build-support/release/rat_exclude_files.txt
@@ -184,4 +184,4 @@ www/bootstrap/js/bootstrap.min.js
www/d3.v2.js
www/epoch.0.5.2.min.css
www/epoch.0.5.2.min.js
-www/jquery-3.2.1.min.js
+www/jquery-3.5.1.min.js
diff --git a/src/kudu/server/webserver.cc b/src/kudu/server/webserver.cc
index aeae119..a903661 100644
--- a/src/kudu/server/webserver.cc
+++ b/src/kudu/server/webserver.cc
@@ -729,7 +729,7 @@ static const char* const kMainTemplate = R"(
<meta charset='utf-8'/>
<link href='{{base_url}}/bootstrap/css/bootstrap.min.css' rel='stylesheet'
media='screen'/>
<link href='{{base_url}}/bootstrap/css/bootstrap-table.min.css'
rel='stylesheet' media='screen'/>
- <script src='{{base_url}}/jquery-3.2.1.min.js' defer></script>
+ <script src='{{base_url}}/jquery-3.5.1.min.js' defer></script>
<script src='{{base_url}}/bootstrap/js/bootstrap.min.js' defer></script>
<script src='{{base_url}}/bootstrap/js/bootstrap-table.min.js'
defer></script>
<script src='{{base_url}}/kudu.js' defer></script>
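Review bot: The new `jquery-3.5.1.min.js` reference in `kMainTemplate` crosses jQuery 3.5.0, which changed `jQuery.htmlPrefilter` so that self-closing non-void tags in HTML strings (for example `<div/>`) are no longer rewritten into open/close pairs. The scripts loaded next to it here (`bootstrap.min.js`, `bootstrap-table.min.js`, `kudu.js`) and in the `www/metrics.html` hunk (`epoch.0.5.2.min.js`, `metrics-epoch.js`) are not part of this diff, so whether any of them builds markup that way cannot be confirmed from the visible lines; a check of the rendered pages would cover it. The versioned file name is also hard-coded in three places, so a comment above the template such as `// jQuery file name must match www/metrics.html and build-support/release/rat_exclude_files.txt` would keep a future upgrade from leaving one page on the old file. The raw-string template starts and ends outside this hunk.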
diff --git a/www/jquery-3.2.1.min.js b/www/jquery-3.2.1.min.js
deleted file mode 100644
index 644d35e..0000000
--- a/www/jquery-3.2.1.min.js
+++ /dev/null
@@ -1,4 +0,0 @@
-/*! jQuery v3.2.1 | (c) JS Foundation and other contributors |
jquery.org/license */
-!function(a,b){"use strict";"object"==typeof module&&"object"==typeof
module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw
new Error("jQuery requires a window with a document");return
b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use
strict";var
c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function
p(a,b){b=b||d;var c=b.createElem [...]
-a.removeEventListener("load",S),r.ready()}"complete"===d.readyState||"loading"!==d.readyState&&!d.documentElement.doScroll?a.setTimeout(r.ready):(d.addEventListener("DOMContentLoaded",S),a.addEventListener("load",S));var
T=function(a,b,c,d,e,f,g){var
h=0,i=a.length,j=null==c;if("object"===r.type(c)){e=!0;for(h in
c)T(a,b,h,c[h],!0,f,g)}else if(void
0!==d&&(e=!0,r.isFunction(d)||(g=!0),j&&(g?(b.call(a,d),b=null):(j=b,b=function(a,b,c){return
j.call(r(a),c)})),b))for(;h<i;h++)b(a[h],c,g?d: [...]
-null==d?void
0:d))},attrHooks:{type:{set:function(a,b){if(!o.radioValue&&"radio"===b&&B(a,"input")){var
c=a.value;return
a.setAttribute("type",b),c&&(a.value=c),b}}}},removeAttr:function(a,b){var
c,d=0,e=b&&b.match(L);if(e&&1===a.nodeType)while(c=e[d++])a.removeAttribute(c)}}),lb={set:function(a,b,c){return
b===!1?r.removeAttr(a,c):a.setAttribute(c,c),c}},r.each(r.expr.match.bool.source.match(/\w+/g),function(a,b){var
c=mb[b]||r.find.attr;mb[b]=function(a,b,d){var e,f,g=b.toLowerCase();r [...]
diff --git a/www/jquery-3.5.1.min.js b/www/jquery-3.5.1.min.js
new file mode 100644
index 0000000..b061403
--- /dev/null
+++ b/www/jquery-3.5.1.min.js
@@ -0,0 +1,2 @@
+/*! jQuery v3.5.1 | (c) JS Foundation and other contributors |
jquery.org/license */
+!function(e,t){"use strict";"object"==typeof module&&"object"==typeof
module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw
new Error("jQuery requires a window with a document");return
t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use
strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return
t.flat.call(e)}:function(e){return
t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=
[...]
diff --git a/www/metrics.html b/www/metrics.html
index 5564dad..bf4abf2 100644
--- a/www/metrics.html
+++ b/www/metrics.html
@@ -19,7 +19,7 @@ limitations under the License.
<title>Kudu metrics gauges</title>
<link rel="stylesheet" type="text/css" href="epoch.0.5.2.min.css" />
- <script type="text/javascript" src="jquery-3.2.1.min.js"></script>
+ <script type="text/javascript" src="jquery-3.5.1.min.js"></script>
<script type="text/javascript" src="d3.v2.js"></script>
<script type="text/javascript" src="epoch.0.5.2.min.js"></script>
<script type="text/javascript" src="metrics-epoch.js"></script>