[Question] Why do we still use an old version of jquery.validation from 2017?

Open Algorithman opened this issue 7 months ago • 0 comments

Is there a pressing issue which needs us to use jquery.validation.js v1.17.0 from 2017? There are a few ReDoS vulnerabilities (which might or might not affect us) which are fixed in the current version (v1.20.1).

CVE-2022-31147, CVE-2021-21252, CVE-2021-43306, and this possible XSS vulnerability: https://github.com/jquery-validation/jquery-validation/pull/2462

I really would like to get rid of especially the XSS vulnerability :) ReDoS most likely is not applicable for Smartstore.

Algorithman, Jul 12 '24 06:07