Hello, My corp security department prevents me using the ReviewBoard because there are publicly known vulnerabilities in the one of RB's components (particularly jQuery 1.8).
Would it possible for the community to mitigate those issues ? CVE-2015-9251 <https://www.cvedetails.com/cve/CVE-2015-9251/> CVE-2012-6708 <https://www.cvedetails.com/cve/CVE-2012-6708/> https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235567/opxss-1/Jquery-Jquery-1.8.1.html I saw that master branch in GitHub already has jQuery 3.3, hopefully RB 4.0 will met security requirements. Would it possible to backport jQuery3.3 to 2.0 and/or 3.0 ? Thanks in advance. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
