[jira] [Commented] (NETBEANS-2295) Update to knockout.js 3.5.0 to solve security issues

[Jaroslav Tulach (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NETBEANS-2295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16833046#comment-16833046
 ] 

Jaroslav Tulach commented on NETBEANS-2295:
-------------------------------------------

Created a PR: [https://github.com/apache/netbeans-html4j/pull/20] to upgrade to 
3.5.0 then it is essential to create new release of HTML/Java.

> Update to knockout.js 3.5.0 to solve security issues
> ----------------------------------------------------
>
>                 Key: NETBEANS-2295
>                 URL: https://issues.apache.org/jira/browse/NETBEANS-2295
>             Project: NetBeans
>          Issue Type: Bug
>          Components: platform - HTML4J
>    Affects Versions: 10.0
>            Reporter: Jaroslav Tulach
>            Assignee: Jaroslav Tulach
>            Priority: Major
>
> h2. org-netbeans-html-ko4j.jar: knockout-3.4.0.js
> {color:#505f79}in 
> platform/modules/org-netbeans-html-ko4j.jar/org/netbeans/html/ko4j/knockout-3.4.0.js{color}
> ||Vulnerability||Resolution||
> |[https://github.com/knockout/knockout/issues/1244]| * cross site scripting 
> injection
>  * only exhibited in Internet Explorer 7 and older which is effectively not 
> used at all in 2019
>  * fixed in knockout 3.5.0+\||



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@netbeans.apache.org
For additional commands, e-mail: commits-h...@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists