[ https://issues.apache.org/jira/browse/FELIX-5893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16570286#comment-16570286 ]
Carsten Ziegeler commented on FELIX-5893:
-----------------------------------------

Thanks [~christanto]. I did a quick verification as well and indeed everything looks still ok. I've applied your patch in rev 1837529 in a slightly different variant as the web console also supports debugging of the javascript.

> JQuery Security bug CVE-2015-9251 in Web Console
> ------------------------------------------------
>
>                 Key: FELIX-5893
>                 URL: https://issues.apache.org/jira/browse/FELIX-5893
>             Project: Felix
>          Issue Type: Bug
>          Components: Console
>    Affects Versions: webconsole-4.3.4
>            Reporter: Varun Ganesh
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: webconsole-4.3.6
>
>         Attachments: FELIX-5893.diff
>
>
> Hi Experts,
> In our product we are using Sling version 6 in one of our
> release. (Working on Migration to Sling 10 for next versions)
> Recently we came across a security bug CVE-2015-9251.
> (CVE-2015-9251 is a vulnerability to allow an attacker to execute
> arbitrary code when text/javascript responses are received from cross-origin
> ajax requests not containing the option `dataType`. Its CVSS score is 6.1 in
> NVD.).
>
> To fix this an up-gradation of jQuery to versions greater than 3.0.0 is
> required.
>
> In our product we are using felix web console dependency which contains
> jQuery of version 1.3.2.js.
>
> As part of the fix for the security bug we need to upgrade the jQuery in
> the jar that are mentioned above.
> For that we checked the latest versions for the above mentioned jars and
> identified that the jQuery versions are not above v3.0.0.
> So could you please help us in upgrading them as soon as possible.
>
> Thanks,
> Varun.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)