Re: jQuery 1.8 vulnerability

2018-05-10 Thread David Trowbridge
Daniel,

Review Board does not use either strInput or cross-domain ajax requests, so
it is not affected by either of these vulnerabilities.

-David

On Thu, May 10, 2018 at 9:19 AM Daniel wrote:

> Hello,
>
> My corp security department prevents me from using ReviewBoard because
> there are publicly known vulnerabilities in one of RB's components
> (particularly jQuery 1.8).
>
> Would it be possible for the community to mitigate those issues?
>
> CVE-2015-9251
>
> CVE-2012-6708
>
> https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235567/opxss-1/Jquery-Jquery-1.8.1.html
>
> I saw that the master branch in GitHub already has jQuery 3.3, hopefully RB
> 4.0 will meet security requirements. Would it be possible to backport jQuery 3.3
> to 2.0 and/or 3.0?
>
>
> Thanks in advance.
>
> --
> Supercharge your Review Board with Power Pack:
> https://www.reviewboard.org/powerpack/
> Want us to host Review Board for you? Check out RBCommons:
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "Review Board Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to reviewboard+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



jQuery 1.8 vulnerability

2018-05-10 Thread Daniel
Hello,

My corp security department prevents me from using ReviewBoard because there
are publicly known vulnerabilities in one of RB's components
(particularly jQuery 1.8).

Would it be possible for the community to mitigate those issues?

CVE-2015-9251

CVE-2012-6708

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235567/opxss-1/Jquery-Jquery-1.8.1.html

I saw that the master branch in GitHub already has jQuery 3.3, hopefully RB 4.0
will meet security requirements. Would it be possible to backport jQuery 3.3 to
2.0 and/or 3.0?


Thanks in advance.
