On 2/08/19 1:22 AM, Owen Leonard wrote:
>> I would like to hear more details about why you want to upgrade jQuery.
> I'm copying this out-of-thread reply because I think it's important
> for anyone who's watching this issue:
>
> On Wed, Jul 31, 2019 at 7:56 PM Ing. Marcos Rene Alvarez Moreno
> <mralvar...@dgb.unam.mx> wrote:
>
>> The reason for updating jquery is because the jQuery library in versions
>> prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when
>> a request is made type Ajax to other domains if the dataType option is
>> not specified.
>> It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251.
> A direct link: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
>
> I want to point out that one aspect of the original post in this
> conversation is incorrect: 18.11.x uses jQuery 2.2.3 (not 1.7)

Koha uses both jquery versions; the reason is because staff/opac have
different bootstrap versions

jquery 1.7 for opac
jquery 2.2.3 for staff

_______________________________________________
Koha mailing list  http://koha-community.org
Koha@lists.katipo.co.nz
https://lists.katipo.co.nz/mailman/listinfo/koha
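
For sites that cannot move to jQuery 3.x straight away, the behaviour described in the thread (a cross-domain Ajax response being evaluated as script when no dataType is given) can be switched off with an Ajax prefilter. The following is an added example, not part of the original message and not Koha or jQuery project code; the helper names are hypothetical, and it assumes the 1.7 and 2.2.3 builds mentioned above honour `contents.script = false` for response-type sniffing, which should be confirmed against the files actually shipped.

```javascript
// Added example (constructed): defensive prefilter for pages still on
// jQuery < 3.0.0, addressing the CVE-2015-9251 behaviour.

// True when a version string (as found in jQuery.fn.jquery) is below 3.0.0.
// An unparseable version is treated as affected, to fail safe.
function isAffectedVersion(version) {
  const major = parseInt(String(version).split(".")[0], 10);
  return Number.isNaN(major) || major < 3;
}

// Prefilter callback. For cross-domain requests, remove the "script" entry
// from the content-type sniffing table so a text/javascript response is no
// longer auto-detected and evaluated when the caller gave no dataType.
// Requests that explicitly ask for dataType "script" are not affected.
function blockCrossDomainScript(settings) {
  if (settings.crossDomain && settings.contents) {
    settings.contents.script = false;
  }
}

// Register the prefilter on the given jQuery object if it is an affected
// version. Returns true when the prefilter was installed.
function hardenAjax(jq) {
  if (!jq || !jq.fn || !isAffectedVersion(jq.fn.jquery)) {
    return false;
  }
  jq.ajaxPrefilter(blockCrossDomainScript);
  return true;
}

// In a page, run once after jQuery has loaded and before any Ajax calls.
if (typeof jQuery !== "undefined") {
  hardenAjax(jQuery);
}
```

Because the OPAC and the staff client load different jQuery files, the snippet has to be included in both interfaces.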