Dear Martin

Many thanks

From: Martin Grigorov <mgrigo...@apache.org>
Date: Wednesday, October 20, 2021 at 14:34
To: users@wicket.apache.org <users@wicket.apache.org>
Subject: Re: About jQuery 2.2.4 vulnerability
You could use SecurePackageResourceGuard to forbid access to a resource.
In YourApplication#init():

SecurePackageResourceGuard guard = (SecurePackageResourceGuard)
getResourceSettings().getPackageResourceGuard();
guard.addPattern("-**/jquery-2*.js");

On Wed, Oct 20, 2021 at 9:25 AM Shengche Hsiao <shengchehs...@gmail.com>
wrote:

> Dear Martin
>
> I actually configured jQuery version 3 in the Application, and the browser
> console shows jQuery version 3.6.0. But the scanner still finds that this
> URL
> [https://mysite/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js]
> appears. I know this resource is generated automatically by Wicket 8.13.0
> (our project), and I don't want this URL resource to be retrieved by the scanner.
> How do I do that?
>
>
> From: Martin Grigorov <mgrigo...@apache.org>
> Date: Wednesday, October 20, 2021 at 14:17
> To: users@wicket.apache.org <users@wicket.apache.org>
> Subject: Re: About jQuery 2.2.4 vulnerability
> Hi,
>
> On Wed, Oct 20, 2021 at 5:46 AM Shengche Hsiao <shengchehs...@gmail.com>
> wrote:
>
> > Dear All
> >
> > Recently, our website had a vulnerability scan. The report shows
> > [/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js]
> > as a vulnerable library. How do I disallow output of
> > this jQuery version to avoid the scan?
> >
>
> I don't understand your question. Please re-phrase if the following does
> not help you!
>
> You can upgrade jQuery by adding such code to YourApplication#init():
>
> getJavaScriptLibrarySettings().setJQueryReference(new
> JavaScriptResourceReference(MyClass.class, "jquery-x.y.z.js"));
> you could
> use org.apache.wicket.resource.JQueryResourceReference#INSTANCE_3, for
> example
>
>
> >
> > Thanks
> >
>

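The two settings suggested in this thread, combined in one application class with a check of the guard's decision, as an added example (not code from the thread or from the Wicket project). `GuardedApplication`, `guardAccepts` and the sample paths are hypothetical; it assumes wicket-core 8.x and its dependencies on the classpath.

```java
import org.apache.wicket.Page;
import org.apache.wicket.markup.html.IPackageResourceGuard;
import org.apache.wicket.markup.html.SecurePackageResourceGuard;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.protocol.http.WebApplication;
import org.apache.wicket.resource.JQueryResourceReference;
import org.apache.wicket.util.tester.WicketTester;

// Hypothetical application class; the two settings calls are the ones quoted in the thread.
public class GuardedApplication extends WebApplication {

    @Override
    public Class<? extends Page> getHomePage() {
        return WebPage.class; // placeholder: no page is rendered by this check
    }

    @Override
    protected void init() {
        super.init();
        // Serve jQuery 3 to pages (the Wicket 8.x constant named in the thread).
        getJavaScriptLibrarySettings().setJQueryReference(JQueryResourceReference.INSTANCE_3);

        // Deny the bundled jQuery 2.x files; fail at startup if the guard was replaced.
        IPackageResourceGuard guard = getResourceSettings().getPackageResourceGuard();
        if (!(guard instanceof SecurePackageResourceGuard)) {
            throw new IllegalStateException("unexpected guard: " + guard.getClass());
        }
        ((SecurePackageResourceGuard) guard).addPattern("-**/jquery-2*.js");
    }

    // Starts the application in Wicket's test harness and asks its guard about one path.
    static boolean guardAccepts(String absolutePath) {
        WicketTester tester = new WicketTester(new GuardedApplication());
        try {
            return tester.getApplication().getResourceSettings()
                    .getPackageResourceGuard().accept(absolutePath);
        } finally {
            tester.destroy();
        }
    }

    public static void main(String[] args) {
        // Constructed package paths, derived from the resource URL in the scan report.
        String dir = "org/apache/wicket/resource/jquery/";
        System.out.println("jquery-2.2.4.js accepted: " + guardAccepts(dir + "jquery-2.2.4.js"));
        System.out.println("jquery-2.2.4.min.js accepted: " + guardAccepts(dir + "jquery-2.2.4.min.js"));
        System.out.println("jquery-3.6.0.js accepted: " + guardAccepts(dir + "jquery-3.6.0.js"));
    }
}
```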