I've set our security advisory task for this to Won't Fix as it's a class C2 report per our taxonomy (A vulnerability, but not in OpenStack supported code, e.g., in a dependency): https://security.openstack.org /vmt-process.html#incident-report-taxonomy
** Changed in: ossa Status: Incomplete => Won't Fix ** Information type changed from Public Security to Public ** Tags added: security -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1721193 Title: Outdated and vulnerable versions of Javascript libraries Status in OpenStack Dashboard (Horizon): Incomplete Status in OpenStack Security Advisory: Won't Fix Bug description: One or more vulnerabilities were reported for few outdated version of the Javascript libraries, used by horizon. Suggestion is to upgrade to the latest version. /dashboard/static/dashboard/js/5508d0ed7005.js /dashboard/static/horizon/lib/jquery/jquery.js /dashboard/static/horizon/lib/jquery/jquery.min.js /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.js /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.min.js /dashboard/static/horizon/lib/jquery_ui/ui/jquery-ui.js /dashboard/static/horizon/lib/jquery_ui/ui/jquery.ui.dialog.js /dashboard/static/horizon/lib/jquery_ui/ui/minified/jquery-ui.min.js To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1721193/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp