[jira] [Commented] (FELIX-6561) Vulnerabilities in jquery-ui-1.12.1.js

Carsten Ziegeler (Jira) Thu, 01 Sep 2022 00:13:07 -0700


    [ 
https://issues.apache.org/jira/browse/FELIX-6561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17598769#comment-17598769
 ]


Carsten Ziegeler commented on FELIX-6561:
-----------------------------------------

Updated to UI 1.13.2, jquery to 3.6.1 and jquery migrate to 3.4.0 in 
https://github.com/apache/felix-dev/commit/4e6c6640bc3144f5dd2f00ca8e7c9a2658b5c7e7

Leaving the issue open for a while to catch potentially UI glitches

> Vulnerabilities in jquery-ui-1.12.1.js
> --------------------------------------
>
>                 Key: FELIX-6561
>                 URL: https://issues.apache.org/jira/browse/FELIX-6561
>             Project: Felix
>          Issue Type: Bug
>          Components: Web Console
>    Affects Versions: webconsole-4.6.4, webconsole-4.7.2, webconsole-4.8.2
>            Reporter: Robert Alan Chapton
>            Assignee: Carsten Ziegeler
>            Priority: Critical
>              Labels: CVE, SECURITY, jquery-ui, vulnerabilities
>             Fix For: webconsole-4.8.4
>
>
> jQuery-UI 1.12.1 used by felix webconsole has 3 security vulnerabilities
> [https://www.cvedetails.com/cve/CVE-2021-41182/]
> [https://www.cvedetails.com/cve/CVE-2021-41183/]
> [https://www.cvedetails.com/cve/CVE-2021-41184/]
> the file in question is located within felix webconsole
> {code:java}
> res/lib/jquery-ui-1.12.1.js {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (FELIX-6561) Vulnerabilities in jquery-ui-1.12.1.js

Reply via email to