Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hal browser uses jQuery version that contains a CVE #99

Open
odrotbohm opened this issue Apr 30, 2019 · 2 comments
Open

Hal browser uses jQuery version that contains a CVE #99

odrotbohm opened this issue Apr 30, 2019 · 2 comments

Comments

@odrotbohm
Copy link

According to this ticket, this CVE is contained in the jQuery version used by HAL browser. Would you mind upgrading to a recent version that has this CVE fixed?
muxico73 added a commit to muxico73/hal-browser that referenced this issue Jul 26, 2019
@muxico73
Updating Jquery to latest version. Closes issue mikekelly#99.
c90a73c
@muxico73 muxico73 mentioned this issue Jul 26, 2019
Open
@Luke-P-SF
Copy link

Luke-P-SF commented Jul 31, 2019
edited
Loading

Hello, has this issue been resolved?

Keep in mind that the prototype pollution has been patched in jQuery 1 as well, so updating from jQuery 1 to 3 will break backwards compatibility (as that is the purpose of using jQuery 1 still)

@odrotbohm
Copy link
Author

We've moved on to recommend to rather use https://github.com/toedter/hal-explorer instead.

muxico73 added a commit to muxico73/hal-browser that referenced this issue Aug 14, 2019
@muxico73
Updating Jquery to latest version maintaining backwards compatibility…
1e631bc 
…. Closes issue mikekelly#99.
muxico73 added a commit to muxico73/hal-browser that referenced this issue Aug 15, 2019
@muxico73
Updating Jquery to latest patched version 1.12.4 maintaining backward…
6ac654b 
…s compatibility. Properly smoke-tested now. This is my last update. Closes issue mikekelly#99.
@muxico73 muxico73 mentioned this issue Aug 15, 2019
Open
@tdonohue tdonohue mentioned this issue May 21, 2020
Merged
@tdonohue tdonohue mentioned this issue Oct 20, 2020
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@odrotbohm @Luke-P-SF