Roundup Tracker - Issues

Issue 2551100

classification
Replace jquery 1.3.2 with newer version - security issues
Type: security
Severity: normal
Components: Web interface
Versions: 2.0.0
process
Status: fixed
Resolution: fixed
Assignee: rouilj
Nosy List: rouilj
Priority: normal

Created on 2020-11-10 04:10 by rouilj, last changed 2020-11-27 05:34 by rouilj.

Messages
msg7021 Author: [hidden] (rouilj) Date: 2020-11-10 04:10
Update jquery.js in multiple locations:

share/roundup/templates/responsive/html/jquery.js

share/roundup/templates/devel/html/jquery.js

Replace with newest version and test to make sure that it still works.

GitHub code scanning reports bad sanitizing function to remove script tags.

See: https://github.com/roundup-tracker/roundup/security/code-scanning/8?query=ref%3Arefs%2Fheads%2Fmaster

https://github.com/roundup-tracker/roundup/security/code-scanning/3?query=ref%3Arefs%2Fheads%2Fmaster
msg7037 Author: [hidden] (rouilj) Date: 2020-11-27 05:34
Updated to jquery 3.5.1. Also fixed user.help.html to properly import
info from templating into the javascript so that the apply
button updates the original form invoking the helper function.

GitHub is no longer finding issues with the jquery files.

(Note the stuff we are using jquery for is very rudimentary.
It could be rewritten using vanilla javascript and remove
the dependency on a 281K file.)
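
Added example, not part of the original issue or Roundup's own code: because jquery.js is vendored in more than one template directory, a small audit can confirm that no copy was missed by reading the version banner of each file. The function names, the 3.5.1 minimum and the sample tree are assumptions made for illustration, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Banner near the top of jQuery release files, e.g.
# " * jQuery JavaScript Library v1.3.2" or "/*! jQuery v3.5.1 | (c) ...".
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")

def jquery_version(path):
    """Return (major, minor, patch) from the file banner, or None if absent."""
    m = BANNER.search(Path(path).read_bytes()[:2048])
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit(root, minimum=(3, 5, 1), name="jquery.js"):
    """Classify every vendored copy under root as ok, outdated or unknown."""
    report = {}
    for path in sorted(Path(root).rglob(name)):
        version = jquery_version(path)
        if version is None:
            status = "unknown"  # banner stripped or not jQuery: check by hand
        else:
            status = "ok" if version >= minimum else "outdated"
        report[path.relative_to(root).as_posix()] = (version, status)
    return report

def build_sample_tree(root):
    """Constructed sample: the two template paths from the issue, one stale."""
    samples = {
        "share/roundup/templates/responsive/html/jquery.js":
            b"/*!\n * jQuery JavaScript Library v1.3.2\n */\n",
        "share/roundup/templates/devel/html/jquery.js":
            b"/*! jQuery v3.5.1 | (c) JS Foundation and other contributors */\n",
    }
    for rel, banner in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(banner + b"/* constructed placeholder body */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, (version, status) in audit(tmp).items():
            print(f"{status:9} {version} {rel}")
```
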
History
Date | User | Action | Args
2020-11-27 05:34:06 | rouilj | set | priority: normal; assignee: rouilj; status: new -> fixed; messages: + msg7037; resolution: fixed
2020-11-10 04:10:15 | rouilj | create |