[Bug 1955556] Re: Javascript libraries with vulnerabilities
** Changed in: horizon
   Status: New => Confirmed

** Changed in: horizon
   Importance: Undecided => High

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/196

Title:
  Javascript libraries with vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/196/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1955556] Re: Javascript libraries with vulnerabilities
https://bugs.launchpad.net/horizon/+bug/1960489 got duplicated to this bug.

In that bug I listed 4 CVEs where, based on the CVE description, the issues are only fixed in JQuery >= 3 (and 3.5 in some cases).

This bug is marked as Invalid from upstream perspective stating that "From an upstream OpenStack perspective, we don't mandate use of vulnerable versions of dependencies, as the suggested version ranges in the requirements.txt you linked can confirm."

But upstream Horizon does state JQuery < 2, which means we do mandate impacted JQuery versions. I'm marking this as New again to get attention to this new fact.

** Changed in: horizon
   Status: Invalid => New

[Bug 1955556] Re: Javascript libraries with vulnerabilities
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: horizon (Ubuntu)
   Status: New => Confirmed

[Bug 1955556] Re: Javascript libraries with vulnerabilities
** Information type changed from Private Security to Public