elegant icon indicating copy to clipboard operation
elegant copied to clipboard

Published 20 hours ago verified publisher icon Pelican-Elegant

[BUG] Vulnerable outdated jQuery Version

Open hno2 opened this issue 4 years ago • 2 comments

Mandatory Step

  • [ x ] I am using latest production release of Elegant

Description

Elegant currently uses Version 1.11.1 from the jQuery CDN https://github.com/Pelican-Elegant/elegant/blob/20cb4aef89ca83fc8b9d1ac3d131247f8d2937ff/templates/base.html#L107 This (and other older) Version of Bootstrap are vulnerable to Cross-Side Scripting.
If there are no breaking changes by upgrading I would recommend removing jQuery soon or to update the script to:

<script
  src="http://code.jquery.com/jquery-3.5.1.min.js"
  integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
  crossorigin="anonymous"></script>

If you want I can file a pull request.

hno2 avatar Aug 11 '20 16:08 hno2

Anecdotal evidence: Doesn't brake anything for me.

jniggemann avatar Feb 19 '21 18:02 jniggemann

This issue would go away when we get rid of JQuery altogether as per https://github.com/Pelican-Elegant/elegant/issues/220

silverhook avatar Dec 26 '21 20:12 silverhook