Roundup Tracker - Issues

Issue 2551100

classification
Title: Replace jquery 1.3.2 with newer version - security issues
Type: security Severity: normal
Components: Web interface Versions: 2.0.0
process
Status: fixed Resolution: fixed
Dependencies: Superseder:
Assigned To: rouilj Nosy List: rouilj
Priority: normal Keywords:

Created on 2020-11-10 04:10 by rouilj, last changed 2020-11-27 05:34 by rouilj.

Messages
msg7021 Author: [hidden] (rouilj) Date: 2020-11-10 04:10
Replace with newest Update jquery.js in multiple locations:

share/roundup/templates/responsive/html/jquery.js

share/roundup/templates/devel/html/jquery.js

version and test to make sure that it still works.

GitHub code scanning reports bad sanitizing function to remove script 
tags,

See: https://github.com/roundup-tracker/roundup/security/code-
scanning/8?query=ref%3Arefs%2Fheads%2Fmaster

https://github.com/roundup-tracker/roundup/security/code-scanning/3?
query=ref%3Arefs%2Fheads%2Fmaster
msg7037 Author: [hidden] (rouilj) Date: 2020-11-27 05:34
Updated to jquery 3.5.1. Also fixed user.help.html to properly import
info from templating into the javascript so that the apply
button updates the original form invoking the helper function.

github vis no longer finding issues with the jquery files.

(Note the stuff we are using jquery for is very rudimentary.
It could be rewritten using vanilla javascript and remove
the dependency on a 281K file.)
History
Date User Action Args
2020-11-27 05:34:06rouiljsetpriority: normal
assignee: rouilj
status: new -> fixed
messages: + msg7037
resolution: fixed
2020-11-10 04:10:15rouiljcreate