Hi Ilja,
Yes, we'd encourage a Pull Request if you are willing. Thanks for making
us aware of this.
- Tim
On 3/8/2016 6:55 AM, Ilja Sidoroff wrote:
At routine system scan by our IT department noticed, that mirage theme
uses jQuery version 1.6.2, which is vulnerable to a XSS attack [1]. I
don't know if this actually exploitable in DSpace, but anyway it seems
that this is fixable by simple bumping the version to 1.6.4. Is it
worth of making a pull request to fix this?
Ilja Sidoroff
Information Specialist
University of Eastern Finland, Library
[1] CVE-2011-4969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969
--
You received this message because you are subscribed to the Google
Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.
--
Tim Donohue
Technical Lead for DSpace & DSpaceDirect
DuraSpace.org | DSpace.org | DSpaceDirect.org
--
You received this message because you are subscribed to the Google Groups "DSpace
Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.