[ https://issues.apache.org/jira/browse/FELIX-6185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16977416#comment-16977416 ]
Colm O hEigeartaigh commented on FELIX-6185:
--------------------------------------------
[~cziegeler] - I think the fix for version should be webconsole-4.3.17 above?
Can we get a release out that includes this fix?
> jQuery <3.4.0 is vulnerable to prototype pollution attacks
> ----------------------------------------------------------
>
> Key: FELIX-6185
> URL: https://issues.apache.org/jira/browse/FELIX-6185
> Project: Felix
> Issue Type: Bug
> Components: Web Console
> Affects Versions: webconsole-4.3.16
> Reporter: Dale Clarke
> Assignee: Carsten Ziegeler
> Priority: Minor
> Labels: security
> Fix For: webconsole-4.3.18
>
>
> jQuery prior to version 3.4.0 was vulnerable to prototype pollution
> (https://snyk.io/test/npm/jquery/3.3.1). The webconsole currently uses
> jQuery 3.3.1. jQuery >= 3.4.0 addresses this issue
> (https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/). I'd propose
> upgrading to jQuery 3.4.1 and jQuery migrate from 3.0.0 to 3.1.0 to address
> this issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
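
Added example, not part of the original message and not Felix or jQuery code: a simplified model of a recursive merge showing the class of bug the issue refers to, next to the guard that skips the `__proto__` key, which is the approach jQuery 3.4.0 took for deep `jQuery.extend`. The names `deepExtend`, `guard` and `demo` and the JSON input are constructed for illustration.

```javascript
// Simplified model of a recursive (deep) merge. NOT jQuery's source code.
// guard = false models the pre-3.4.0 behaviour; guard = true models the fix.
function deepExtend(target, source, guard) {
  // Object.keys() returns own enumerable keys, which includes "__proto__"
  // when the object came from JSON.parse().
  for (const key of Object.keys(source)) {
    if (guard && key === "__proto__") {
      continue; // hardened: never read from or assign to __proto__
    }
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // Without the guard, target["__proto__"] evaluates to Object.prototype,
      // so the recursion writes into the prototype shared by every object.
      const existing = target[key];
      const base = existing !== null && typeof existing === "object" ? existing : {};
      target[key] = deepExtend(base, value, guard);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  // Constructed input: what untrusted JSON looks like after parsing.
  const untrusted = JSON.parse(
    '{"theme": {"color": "blue"}, "__proto__": {"polluted": true}}'
  );
  const results = {};

  deepExtend({}, untrusted, false);
  results.unguarded = ({}).polluted === true; // unrelated object is affected
  delete Object.prototype.polluted;           // restore the shared prototype

  const merged = deepExtend({}, untrusted, true);
  results.guarded = ({}).polluted === true;   // prototype left untouched
  results.color = merged.theme.color;         // legitimate keys still merge
  return results;
}

console.log(demo());
```

The same comparison run against a page's actual bundled jQuery (`jQuery.extend(true, {}, parsedInput)`) is a quick regression check after upgrading.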