[
https://issues.apache.org/jira/browse/MESOS-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17420364#comment-17420364
]
Charles Natali commented on MESOS-10230:
----------------------------------------
[~apeters]
Would you be able to look at this?
I think [~pengels] might be referring to
https://github.com/apache/mesos/blob/master/src/webui/assets/libs/jquery-3.2.1.min.js
Note, however, that we are also using jquery 1.10.1, which is also affected:
https://github.com/apache/mesos/blob/master/site/source/assets/js/jquery-1.10.1.min.js
and in mesos-site:
https://github.com/apache/mesos-site/blob/asf-site/content/assets/js/jquery-1.10.1.min.js
I am absolutely not familiar with web development, so even though I could
probably update it, I wouldn't know how to check if it broke anything.
> Please update JQuery from 3.2.1 to 3.5.0+
> -----------------------------------------
>
> Key: MESOS-10230
> URL: https://issues.apache.org/jira/browse/MESOS-10230
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.11.0
> Reporter: p engels
> Priority: Minor
>
> JQuery versions between 1.2 and 3.5.0 are vulnerable to multiple
> cross-site-scripting vulnerabilities. More info can be found on JQuery's
> website:
> blog.jquery.com: [https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/]
> My organization's vulnerability scanner locates the out-of-date jquery at
> this url (sanitized for security reasons):
> [http://example.com:5050/assets/libs/jquery-3.2.1.min.js]
>
> Please remove the old version of JQuery and replace it with version 3.5.0 or
> greater. If this is already planned for a future release, please comment on
> this request with the version this will be fixed in.
>
> Keep up the good work, Apache community <3
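An added example (not part of the original message or of the Mesos code base): a Python inventory check that walks a source tree, reads each bundled jQuery copy's version from its banner comment or file name, and flags versions in the range the issue gives (1.2 up to, but not including, 3.5.0). The sample tree is constructed; `vendor/jquery.min.js` and its 3.6.0 banner are hypothetical.

```python
import os
import re
import tempfile

# Range as stated in the issue: 1.2 up to, but not including, 3.5.0.
AFFECTED_MIN, FIXED_IN = (1, 2, 0), (3, 5, 0)
# Banner comment at the top of jQuery builds, e.g. "/*! jQuery v3.2.1 | ...".
BANNER_RE = re.compile(r"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")
NAME_RE = re.compile(r"^jquery[-.](\d+)\.(\d+)(?:\.(\d+))?(?:\.min)?\.js$", re.I)

def detect_version(path):
    """Read the version from the file banner; fall back to the file name."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        head = fh.read(2048)
    m = BANNER_RE.search(head) or NAME_RE.match(os.path.basename(path))
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version):
    return AFFECTED_MIN <= version < FIXED_IN

def scan(root):
    """Return sorted (relative path, version, status) for each jquery*.js file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not (name.lower().startswith("jquery") and name.lower().endswith(".js")):
                continue
            path = os.path.join(dirpath, name)
            ver = detect_version(path)
            status = "unknown" if ver is None else "affected" if is_affected(ver) else "ok"
            label = ".".join(map(str, ver)) if ver else None
            findings.append((os.path.relpath(path, root), label, status))
    return sorted(findings)

def demo():
    samples = {  # constructed contents; only the banner line matters here
        "src/webui/assets/libs/jquery-3.2.1.min.js": "/*! jQuery v3.2.1 | (c) */",
        "site/source/assets/js/jquery-1.10.1.min.js": "/*! jQuery v1.10.1 | (c) */",
        "vendor/jquery.min.js": "/*! jQuery v3.6.0 | (c) */",  # hypothetical renamed copy
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Files reported as `unknown` (no banner and no version in the name) need a manual look, since a renamed or repackaged copy can hide its version.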