Hi all,

DSpace 6.4 included fixes to upgrade both the JSPUI and XMLUI to use jQuery 
3, see https://github.com/DSpace/DSpace/pull/2918

This work was never ported to DSpace 5.x (and 5.x is now end-of-life, so 
that port will never occur).  That said, it might be possible to manually 
port this in your local 5.x instance simply by making the same changes as 
were made in that PR. While the PR looks massive, it is mostly replacing 
the old jQuery files with the new ones & making some relatively minor 
updates to the DSpace code.

Another option is to consider upgrading to 6.4, or even to 7.x in the near 
future.

Tim

On Tuesday, March 21, 2023 at 10:54:24 AM UTC-5 Michael Plate wrote:

> Hi,
>
> On 21.03.23 at 16:03, Mark H. Wood wrote:
> > On Mon, Mar 20, 2023 at 12:02:35PM -0700, cpgr...@gmail.com wrote:
> >> We have been notified by campus network authorities that our dspace server
> >> is vulnerable because it is running outdated versions of jQuery. We are in
> >> the process of creating a new dspace 7 server to replace this server, but
> >> that will not happen in the short time that we have been given to fix this
> >> vulnerability.
> >>
> >> How can we quickly upgrade jQuery on our server? Where can I find
> >> instructions on updating the jQuery software in our xmlui in our instance
> >> of dspace 5? Can our build process be modified to bring in more up to date
> >> jQuery packages?
> >>
> >> EOL/Obsolete Software: jQuery 1.x and 2.x Detected
> >>
> >> -
> >> 
> >> EOL Software:jQuery Version 1.x or 2.x Detected.
> >> jquery/jquery-1.4.4.min.js
> > 
> > I don't know how much work is required to update to jQuery v3.
> > Updating across two major releases might break a number of things.
> […]
>
> It seems we have the same problem; ours is jQuery 1.10.2 (by 
> package.json), and a good place to start seems to be scripts.xml in the 
> theme folder.
>
> Searched a bit and found this
>
> https://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html
>
> and this
>
> https://www.computerminds.co.uk/articles/upgrading-jquery-1x-version-3x
>
> Presumably DSpace 6.x is affected too?
>
> I'll try inspecting on our test-version tomorrow…
>
>
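
One way to confirm which jQuery copies a deployed theme or webapp directory still ships, before and after swapping the files as discussed above. This is an added example, not part of the original thread and not DSpace code; the directory layout and sample files are constructed, and the version banner format it matches is an assumption about how jQuery builds label themselves.

```python
import json
import re
import tempfile
from pathlib import Path

# Core jQuery file names only: jquery.js, jquery.min.js, jquery-1.4.4.min.js.
# Plugins such as jquery-ui-*.js or jquery.form.js do not match.
CORE_RE = re.compile(r"^jquery(?:[-.](\d+(?:\.\d+)+))?(?:\.min)?\.js$", re.I)
# Version banner in the leading comment of a jQuery build (assumed format).
BANNER_RE = re.compile(r"jQuery (?:JavaScript Library )?v(\d+(?:\.\d+)+)")

def find_old_jquery(root, min_major=3):
    """Return sorted (relative path, version) pairs for jQuery below min_major."""
    root = Path(root)
    findings = []
    for path in root.rglob("*.js"):
        name = CORE_RE.match(path.name)
        if not name:
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            banner = BANNER_RE.search(fh.read(512))
        # Trust the banner over the file name: a renamed file keeps its banner.
        version = banner.group(1) if banner else name.group(1)
        if version is None or int(version.split(".")[0]) < min_major:
            findings.append((path.relative_to(root).as_posix(), version or "unknown"))
    for path in root.rglob("package.json"):
        data = json.loads(path.read_text(encoding="utf-8"))
        for section in ("dependencies", "devDependencies"):
            spec = str(data.get(section, {}).get("jquery", ""))
            major = re.search(r"\d+", spec)
            if major and int(major.group()) < min_major:
                findings.append((path.relative_to(root).as_posix(), spec))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed theme tree (not real DSpace files) for the demo."""
    root = Path(root)
    (root / "static/js").mkdir(parents=True)
    (root / "static/js/jquery-1.4.4.min.js").write_text("/*! jQuery JavaScript Library v1.4.4 */")
    (root / "static/js/jquery.min.js").write_text("/*! jQuery v3.6.0 | constructed */")
    (root / "static/js/jquery-ui-1.8.15.min.js").write_text("/*! jQuery UI - v1.8.15 */")
    (root / "package.json").write_text(json.dumps({"dependencies": {"jquery": "~1.10.2"}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel_path, version in find_old_jquery(tmp):
            print(f"{rel_path}: jQuery {version}")
```

An empty result after the port means no core jQuery file or package.json entry below 3.x remains under the scanned directory; files reported as "unknown" carry neither a banner nor a version in their name and need a manual look.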
