Thanks Aditya,
We could think that it's not a big deal since it's only a static site. But if
we were defaced that would not look great ;)
Jacques
Le 03/09/2020 à 08:24, Aditya Sharma a écrit :
Hi Jacques,
I think the dependency is related to bootstrap-select plugin.
https://github.com/apache/ofbiz-site/network/alert/js/plugins/bootstrap-select/package.json/jquery/open
We might not be affected, though I will have a deeper look into it soon.
Thanks and regards,
Aditya Sharma
On Wed, Sep 2, 2020 at 10:53 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:
Hi,
I received an alert from GitHub Advisory <https://github.com/advisories>
about OFBiz site and [CVE-2017-16011] "Cross-Site Scripting in jQuery"
Could someone test if updating to jQuery 1.9 would work?
I could then, or anyone ready for that, upgrade the OFBiz site to use
jQuery 1.9
Thanks
Jacques