Daniel,

Review Board does not use either strInput or cross-domain ajax requests, so
it is not affected by either of these vulnerabilities.

-David

On Thu, May 10, 2018 at 9:19 AM Daniel <[email protected]> wrote:

> Hello,
>
> My corp security department prevents me from using ReviewBoard because
> there are publicly known vulnerabilities in one of RB's components
> (particularly jQuery 1.8).
>
> Would it be possible for the community to mitigate those issues?
>
> CVE-2015-9251 <https://www.cvedetails.com/cve/CVE-2015-9251/>
>
> CVE-2012-6708 <https://www.cvedetails.com/cve/CVE-2012-6708/>
>
> https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235567/opxss-1/Jquery-Jquery-1.8.1.html
>
> I saw that the master branch in GitHub already has jQuery 3.3; hopefully RB
> 4.0 will meet security requirements. Would it be possible to backport jQuery 3.3
> to 2.0 and/or 3.0?
>
>
> Thanks in advance.
>
> --
> Supercharge your Review Board with Power Pack:
> https://www.reviewboard.org/powerpack/
> Want us to host Review Board for you? Check out RBCommons:
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "Review Board Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
