🌍
English
Announcement
- [2024-04-17] Piwigo 14.4.0
- [2024-04-01] Piwigo in Hobbit runes
- [2024-03-01] Piwigo 14.3.0
- [2024-01-30] Piwigo 14.2.0
- [2023-12-29] Piwigo 14.1.0
#1 2021-12-15 13:48:22
- henker
- Member
- Warsaw
- 2014-09-01
- 26
jQuery 1.11.3 outdated
Hiya,
according to https://snyk.io/test/npm/jquery/1.11.3 , there are some medium vulnerabilities in jQuery 1.11.3.
Looking at themes/default/js/jquery.min.js , Piwigo uses
/*! jQuery v1.11.3 | (c) 2005, 2015 jQuery Foundation, Inc. | jquery.org/license */
I can't judge whether this is an issue, apparently jquery.cookie.js is also not maintained anymore:
/*!
* jQuery Cookie Plugin v1.4.1
* https://github.com/carhartl/jquery-cookie
*
* Copyright 2013 Klaus Hartl
* Released under the MIT license
*/
- should these be upgraded to more recent versions ? If so, what's the best way to update, is jQuery Migrate 1.4.1 a recommended option ?
Offline
#2 2022-09-27 17:41:13
- henker
- Member
- Warsaw
- 2014-09-01
- 26
Re: jQuery 1.11.3 outdated
Will these issues be addressed in Piwigo 13.x ?
Offline
#3 2022-09-30 13:19:59
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: jQuery 1.11.3 outdated
there is no update of jQuery in Piwigo 13
Offline
#4 2022-09-30 13:52:05
- henker
- Member
- Warsaw
- 2014-09-01
- 26
Re: jQuery 1.11.3 outdated
I can't judge whether Piwigo is directly affected, but there are 4 CVEs:
CVE-2020-11023
CVE-2020-11022
CVE-2015-9251
CVE-2019-11358
The identified library jquery, version 1.11.3 is vulnerable.
https://security.snyk.io/package/npm/jquery/1.11.3
[Github] jquery issue #2432
Offline