View Issue Details

ID: 0001430
Project: bareos-core
Category: webui
View Status: public
Last Update: 2022-03-03 15:11
Reporter: jason.agilitypr
Assigned To: frank
Priority: high
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Ubuntu
OS Version: 20.04
Product Version: 21.0.0
Summary: 0001430: Version of Jquery is old and vulnerable
Description: The version of jquery that bareos webui is running is old and out of date and has known security vulnerabilities (xss attacks).

/*! jQuery v3.2.0 | (c) JS Foundation and other contributors | jquery.org/license */
v3.2.0 was released on March 16, 2017

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
"The HTML parser in jQuery <=3.4.1 usually did the right thing, but there were edge cases where parsing would have unintended consequences. "

the current version of jquery is 3.6.0


Steps To Reproduce: check version of jquery loaded in bareos webui via browser right click -> view source
Additional Information: the related libraries, including moment and excanvas, may also need updating.
Tags: No tags attached.
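
The version check from the steps above can be automated against the vendored files. The following is an added example, not part of the original report or of the Bareos code base; the 3.5.0 threshold is taken from the release post quoted in the description, and the file names and contents are constructed samples.

```javascript
// Flag vendored jQuery copies older than 3.5.0 by reading their banner comment.
// Assumption: 3.5.0 is the first fixed release, per the quoted "jQuery <=3.4.1".
const FIXED_IN = [3, 5, 0];

// Matches both banner styles jQuery ships:
//   min build:  /*! jQuery v3.2.0 | (c) JS Foundation ...
//   full build: /*!\n * jQuery JavaScript Library v3.6.0
const BANNER_RE = /jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)/;

function parseJqueryVersion(source) {
  // The banner sits at the top of the file; only inspect the first 512 chars
  // so a version string deeper in the code is not mistaken for it.
  const m = BANNER_RE.exec(source.slice(0, 512));
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// files: object mapping file name -> file contents (strings).
function auditJquery(files) {
  return Object.entries(files).map(([name, source]) => {
    const v = parseJqueryVersion(source);
    if (v === null) return { name, version: null, status: "unknown" };
    const status = compareVersions(v, FIXED_IN) < 0 ? "outdated" : "ok";
    return { name, version: v.join("."), status };
  });
}

// Constructed sample inputs (only the first lines of each file).
const SAMPLE_FILES = {
  "jquery.min.js": "/*! jQuery v3.2.0 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(a,b){}",
  "jquery.js": "/*!\n * jQuery JavaScript Library v3.6.0\n * https://jquery.com/\n */\n(function(){})();",
  "moment.js": "//! moment.js\n(function(){})();",
};

for (const r of auditJquery(SAMPLE_FILES)) {
  console.log(`${r.name}: ${r.version ?? "no jQuery banner"} -> ${r.status}`);
}
```

A file reported as "unknown" carries no jQuery banner and needs its own version check, which is how the other libraries mentioned in the report would show up.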

Activities

frank

2022-03-03 11:11

developer   ~0004531

Fix committed to bareos master branch with changesetid 15977.

frank

2022-03-03 15:11

developer   ~0004532

Fix committed to bareos bareos-19.2 branch with changesetid 15981.

Related Changesets

bareos: master cbbe75e4

2022-02-24 13:20

frank

Ported: N/A

webui: update jquery from v3.2.0 to v3.6.0

Fixes 0001430: Version of Jquery is old and vulnerable
Affected Issues
0001430
mod - webui/public/js/jquery.js
mod - webui/public/js/jquery.min.js

bareos: bareos-19.2 71bfc0ca

2022-02-24 13:20

frank


Committer: pstorz

Ported: N/A

webui: update jquery from v3.2.0 to v3.6.0

Fixes 0001430: Version of Jquery is old and vulnerable

(cherry picked from commit cbbe75e47482f7603d8ba6381d3f30fc81ad65e0)
Affected Issues
0001430
mod - webui/public/js/jquery.js
mod - webui/public/js/jquery.min.js

Issue History

Date Modified Username Field Change
2022-02-23 20:19 jason.agilitypr New Issue
2022-02-24 11:37 frank Assigned To => frank
2022-02-24 11:37 frank Status new => assigned
2022-02-24 11:54 frank Status assigned => acknowledged
2022-03-03 11:11 frank Changeset attached => bareos master cbbe75e4
2022-03-03 11:11 frank Note Added: 0004531
2022-03-03 11:11 frank Status acknowledged => resolved
2022-03-03 11:11 frank Resolution open => fixed
2022-03-03 15:11 pstorz Changeset attached => bareos bareos-19.2 71bfc0ca
2022-03-03 15:11 frank Note Added: 0004532