ModernTimeline icon indicating copy to clipboard operation
ModernTimeline copied to clipboard
verified publisher icon ProfessionalWiki

Update to newer version of TimelineJS

Open krabina opened this issue 3 years ago • 5 comments

The TimelineJS verson used is currently at 3.6.5 https://github.com/ProfessionalWiki/ModernTimeline/blob/master/resources/vendor/timeline.js while the original repo is on version 3.9.0 ](https://github.com/NUKnightLab/TimelineJS3/blob/master/CHANGELOG.md)

At some point we should update to a more recent version,

krabina avatar Nov 09 '22 10:11 krabina

There is a security issue on timeline.js 3.6.5 (CVE-2020-15092) so it would be better to update the library as soon as possible. We searched with @NavidBoy (apprentice at Wiki Valley) the new version of the library but we didn’t find in the same distribution form (1 JS file bundling multiple libraries). @JeroenDeDauw : do you know where to find this or how to compile it?

Seb35 avatar Feb 07 '23 14:02 Seb35

From what I understand, the issue is mostly related to using Google Docs. One would have to put malicious content in the wiki in order to exploit this, so I guess it is not a big problem for this extension.

But anyway it would be great to update the library.

krabina avatar Feb 07 '23 14:02 krabina

Maybe also this helps: https://github.com/NUKnightLab/TimelineJS-Wordpress-Plugin

krabina avatar Feb 07 '23 14:02 krabina

Digging deeper, I found this doc, and the compiled versions are explained here, so the new compiled version is downloadable here. It is now minified (at the contrary of 3.6.5).

Seb35 avatar Feb 07 '23 14:02 Seb35

Correct link: https://cdn.knightlab.com/libs/timeline3/3.9.2/timeline3.zip

PR with new version welcome. Good to test the extension after upgrading the lib, since they might have made breaking changes.

JeroenDeDauw avatar Feb 07 '23 19:02 JeroenDeDauw