Dear Martin Very thanks
From: Martin Grigorov <mgrigo...@apache.org> Date: Wednesday, October 20, 2021 at 14:34 To: users@wicket.apache.org <users@wicket.apache.org> Subject: Re: About jQuery 2.2.4 vulnerability You could use SecurePackageResourceGuard to forbid access to a resource. In YourApplication#init(): SecurePackageResourceGuard guard = (SecurePackageResourceGuard) getResourceSettings().getPackageResourceGuard(); guard.addPattern("-**/jquery-2*.js"); On Wed, Oct 20, 2021 at 9:25 AM Shengche Hsiao <shengchehs...@gmail.com> wrote: > Dear Martin > > I actually configured with jQuery version 3 on Application, and on browser > console showed jquery version with 3.6.0. But the scanner still find this > url [ > https://mysite/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js]<https://mysite/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js%5d> > appears. I know this resource is generated automatically by Wicket 8.13.0 > (our project), and I don’t want this url resource be retrieved by scanner. > How to do that? > > > From: Martin Grigorov <mgrigo...@apache.org> > Date: Wednesday, October 20, 2021 at 14:17 > To: users@wicket.apache.org <users@wicket.apache.org> > Subject: Re: About jQuery 2.2.4 vulnerability > Hi, > > On Wed, Oct 20, 2021 at 5:46 AM Shengche Hsiao <shengchehs...@gmail.com> > wrote: > > > Dear All > > > > Recently, our website made a vulnerability scanning. The report shows > > > [/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v- > > 6233386130326534.js] as a vulnerability library. How do I disallow output > > this jquery version to avoid scan? > > > > I don't understand your question. Please re-phrase if the following does > not help you! > > You can upgrade jQuery by adding such code to YourApplication#init(): > > getJavaScriptLibrarySettings().setJQueryReference(new > JavaScriptResourceReference(MyClass.class, "jquery-x.y.z.js")); > you could > use org.apache.wicket.resource.JQueryResourceReference#INSTANCE_3, for > example > > > > > > Thanks > > >