You are here: Foswiki>Tasks Web>Item14918 (28 Mar 2022, MichaelDaum)Edit Attach

Item14918: backport fix of CVE-2015-9251 and CVE-2019-11358

Priority: Security
Current State: Closed
Released In: 2.1.7
Target Release: patch
Applies To: Extension
Component: JQueryPlugin
Branches: Release02x01 master
Reported By: MichaelDaum
Waiting For:
Last Change By: MichaelDaum

The actual promoted approach is to move to the latest jquery-3.x ... which causes all other sorts of incompatibilities with the rest of the jquery pack, i.e. livequery. So it seems appropriate to backport those two relatively small fixes for jquery-2 instead.

-- MichaelDaum - 02 Jun 2020

That would seem the best approach I would think

-- TimothyLegge - 09 Jun 2020

from the checkins:

  • removed support for old Internet Explorers < 11
  • deprecate LiveQuery module not compatible with jQuery-3 and not supported upstream anymore
  • new Observer implementation replacing deprecated LiveQuery
  • fixed rating formfield
  • fixed html5 data in %BUTTON macro
  • support svg icons in IconService now
  • added latest jQuery-3.5.1 and matching jquery.migrate module
  • removed any old jQuery versions other than the latest jQuery-2 and jQuery-3
  • patched issue in jQuery-2
  • improvements to Makefile system supporting lib, src and build subdirs
  • using terser in favour of uglifyjs if available
  • using csso in favor of cssmin if available
  • patched multiple modules to be compatible with jquer-3: blockUI, button, chili, farbtastic, focus, form, foswiki, placeholder, pnotify, scrollto, serialscroll, stars, tabpane, textboxlist, tmpl-loader, wikiword
  • fixed jquery.foswiki
  • added foswiki.normalizeWebTopicName javascript api, same as the perl one
  • updated hoverintent, jsrender, jsview, jQuery-ui, validate
  • fixed jquery.loader
  • backported jQuery.context to jquery-3 needd by new observer module

-- Main.MichaelDaum - 07 Nov 2020

Topic revision: r9 - 28 Mar 2022, MichaelDaum
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy