View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001430 | bareos-core | webui | public | 2022-02-23 20:19 | 2022-03-03 15:11 |
| Reporter | jason.agilitypr | Assigned To | frank | ||
| Priority | high | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Linux | OS | Ubuntu | OS Version | 20.04 |
| Product Version | 21.0.0 | ||||
| Summary | 0001430: Version of Jquery is old and vulnerable | ||||
| Description | The version of jQuery that the Bareos webui is running is old and out of date and has known security vulnerabilities (XSS attacks): `/*! jQuery v3.2.0 \| (c) JS Foundation and other contributors \| jquery.org/license */`. v3.2.0 was released on March 16, 2017. https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ "The HTML parser in jQuery <=3.4.1 usually did the right thing, but there were edge cases where parsing would have unintended consequences." The current version of jQuery is 3.6.0. | ||||
| Steps To Reproduce | check version of jquery loaded in bareos webui via browser right click -> view source | ||||
| Additional Information | The related libraries, including moment and excanvas, may also need updating. | ||||
| Tags | No tags attached. | ||||
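
The check under Steps To Reproduce can be run over a set of script files instead of by hand. This is an added example, not part of the original report or of the Bareos code base: it reads the jQuery banner and flags any version below 3.5.0, the release announced in the blog post the reporter links. The sample file contents and the `vendor/stripped.js` path are constructed for illustration.

```javascript
// First release outside the "jQuery <=3.4.1" range quoted in the report.
const FIXED_IN = [3, 5, 0];

// Matches both banner styles: "/*! jQuery v3.2.0 | ..." (minified) and
// "/*!\n * jQuery JavaScript Library v3.2.0" (unminified).
const BANNER = /\/\*![\s*]*jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)/;

// Return [major, minor, patch] from a script's banner, or null if absent.
function parseJqueryBanner(source) {
  const m = BANNER.exec(source.slice(0, 512)); // the banner sits at the top
  return m ? m.slice(1, 4).map(Number) : null;
}

// Numeric compare, so that 3.10.0 sorts after 3.5.0.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// files: { path: source text }. Returns one finding per file.
// "unknown" means no banner was found (a build step may have stripped it),
// so the file needs a manual look rather than a pass.
function auditScripts(files) {
  return Object.entries(files).map(([path, source]) => {
    const v = parseJqueryBanner(source);
    if (v === null) return { path, version: null, status: "unknown" };
    const status = compareVersions(v, FIXED_IN) < 0 ? "outdated" : "ok";
    return { path, version: v.join("."), status };
  });
}

// Constructed sample input: only the first bytes of each file matter.
const sample = {
  "webui/public/js/jquery.min.js":
    "/*! jQuery v3.2.0 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(a,b){}",
  "webui/public/js/jquery.js":
    "/*!\n * jQuery JavaScript Library v3.6.0\n * https://jquery.com/\n */\n(function(){})();",
  "vendor/stripped.js": "!function(e,t){}(this);", // hypothetical path
};

for (const f of auditScripts(sample)) {
  console.log(`${f.status.padEnd(8)} ${f.version ?? "-"}  ${f.path}`);
}
```
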

bareos: master cbbe75e4 2022-02-24 13:20 Ported: N/A

webui: update jquery from v3.2.0 to v3.6.0

Fixes 0001430: Version of Jquery is old and vulnerable

Affected Issues: 0001430

mod - webui/public/js/jquery.js

mod - webui/public/js/jquery.min.js

bareos: bareos-19.2 71bfc0ca 2022-02-24 13:20 Committer: pstorz Ported: N/A

webui: update jquery from v3.2.0 to v3.6.0

Fixes 0001430: Version of Jquery is old and vulnerable

(cherry picked from commit cbbe75e47482f7603d8ba6381d3f30fc81ad65e0)

Affected Issues: 0001430

mod - webui/public/js/jquery.js

mod - webui/public/js/jquery.min.js

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-02-23 20:19 | jason.agilitypr | New Issue | |
| 2022-02-24 11:37 | frank | Assigned To | => frank |
| 2022-02-24 11:37 | frank | Status | new => assigned |
| 2022-02-24 11:54 | frank | Status | assigned => acknowledged |
| 2022-03-03 11:11 | frank | Changeset attached | => bareos master cbbe75e4 |
| 2022-03-03 11:11 | frank | Note Added: 0004531 | |
| 2022-03-03 11:11 | frank | Status | acknowledged => resolved |
| 2022-03-03 11:11 | frank | Resolution | open => fixed |
| 2022-03-03 15:11 | pstorz | Changeset attached | => bareos bareos-19.2 71bfc0ca |
| 2022-03-03 15:11 | frank | Note Added: 0004532 | |