Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66186

jQuery 3.2.x minor security vuln - update to 3.4.x or patch 3.2.x

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • 3.5.7, 3.6.5, 3.7.1
    • None
    • JavaScript, Libraries
    • None
    • MOODLE_35_STABLE, MOODLE_36_STABLE, MOODLE_37_STABLE

    Description

      There is a minor and relatively hard-to-exploit security vulnerability in jQuery 3.2.x that ships with currently security-supported versions of Moodle e.g. 3.5.x.

      More information on the vulnerability patched in jQuery 3.4.0:

      Two options I see that would fix this:

      1. Update to jQuery 3.4.x and backport the other fixes from MDL-65751; or
      2. Patch the jQuery 3.2.x version as mentioned on the jQuery release page
        https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
        The latter looks pretty easy - a one-line patch.

      Ref MDL-65751

      Attachments

        Issue Links

          has a non-specific relationship to

          Task - A task that needs to be completed. Tasks usually refer to work that must be done outside the product. MDL-65751 Upgrade jQuery to 3.4.1

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              Unassigned Unassigned
              mwebster Mark van Hoek
              Andrew Lyons, Huong Nguyen, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze, Amaia Anabitarte, Carlos Escobedo, Ferran Recio, Ilya Tregubov, Laurent David, Sara Arjona (@sarjona)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: