[MDL-66186] jQuery 3.2.x minor security vuln - update to 3.4.x or patch 3.2.x - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Duplicate
Affects Version/s: 3.5.7, 3.6.5, 3.7.1
Fix Version/s: None
Component/s: JavaScript, Libraries
Labels:
None

Affected Branches:
MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE

Description

There is a minor and relatively hard-to-exploit security vulnerability in jQuery 3.2.x that ships with currently security-supported versions of Moodle e.g. 3.5.x.

More information on the vulnerability patched in jQuery 3.4.0:

Two options I see that would fix this:

Update to jQuery 3.4.x and backport the other fixes from ~~MDL-65751~~; or
Patch the jQuery 3.2.x version as mentioned on the jQuery release page
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
The latter looks pretty easy - a one-line patch.

Ref ~~MDL-65751~~

Attachments

Issue Links

has a non-specific relationship to

MDL-65751 Upgrade jQuery to latest

Closed

Activity

People

Assignee:

Unassigned

Reporter:

Mark van Hoek

Participants:

Mark van Hoek, Michael Hawkins

Component watchers:

Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Sara Arjona (@sarjona), Víctor Déniz Falcón

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

19/Jul/19 12:51 AM

Updated:

25/Jul/19 10:06 AM

Resolved:

19/Jul/19 10:02 AM