Hi, Am 21.03.23 um 16:03 schrieb Mark H. Wood:
On Mon, Mar 20, 2023 at 12:02:35PM -0700, [email protected] wrote:We have been notified by campus network authorities that our dspace server is vulnerable because it is running outdated versions of jQuery. We are in the process of creating a new dspace 7 server to replace this server, but that will not happen in the short time that we have been given to fix this vulnerability.How can we quickly upgrade jQuery on our server? Where can I find instructions on updating the jQuery software in our xmlui in our instance of dspace 5? Can our built process be modified to bring in more up to date jQuery packages? EOL/Obsolete Software: jQuery 1.x and 2.x Detected -EOL Software:jQuery Version 1.x or 2.x Detected.jquery/jquery-1.4.4.min.jsI don't know how much work is required to update to jQuery v3. Updating across two major releases might break a number of things.
[…]ist seems to be we have the same problem; ours ist jQuery 1.10.2 (by package.json) , and a good place to start seems to be scripts.xml in the theme folder.
Searched a bit and found this https://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html and this https://www.computerminds.co.uk/articles/upgrading-jquery-1x-version-3x Presumably DSpace 6.x is affected to ? I'll try inspecting on our test-version tomorrow… -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx--- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/052efc19-b4ab-936d-849a-65dae678ee08%40bibliothek.uni-kassel.de.
smime.p7s
Description: S/MIME Cryptographic Signature
