Re: About jQuery 2.2.4 vulnerability

Shengche Hsiao Tue, 19 Oct 2021 23:25:19 -0700

Dear Martin

I actually configured with jQuery version 3 on Application, and on browser 
console showed jquery version with 3.6.0. But the scanner still find this url 
[https://mysite/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js]
 appears. I know this resource is generated automatically by Wicket 8.13.0 (our 
project), and I don’t want this url resource be retrieved by scanner. How to do 
that?



From: Martin Grigorov <mgrigo...@apache.org>
Date: Wednesday, October 20, 2021 at 14:17
To: users@wicket.apache.org <users@wicket.apache.org>
Subject: Re: About jQuery 2.2.4 vulnerability
Hi,

On Wed, Oct 20, 2021 at 5:46 AM Shengche Hsiao <shengchehs...@gmail.com>
wrote:

> Dear All
>
> Recently, our website made a vulnerability scanning. The report shows
> [/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-
> 6233386130326534.js] as a vulnerability library. How do I disallow output
> this jquery version to avoid scan?
>

I don't understand your question. Please re-phrase if the following does
not help you!

You can upgrade jQuery by adding such code to YourApplication#init():

getJavaScriptLibrarySettings().setJQueryReference(new
JavaScriptResourceReference(MyClass.class, "jquery-x.y.z.js"));
you could
use org.apache.wicket.resource.JQueryResourceReference#INSTANCE_3, for
example


>
> Thanks
>

Re: About jQuery 2.2.4 vulnerability

Reply via email to