[
https://issues.apache.org/jira/browse/MESOS-10230?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17580877#comment-17580877
]
p engels commented on MESOS-10230:
----------------------------------
Hate to bring this up after all this time. The old installation of jQuery is
still showing on the scanner for my organization. We are on the latest Mesos
version. Is there anything needed on my end to remove that jQuery from the
system?
> Please update JQuery from 3.2.1 to 3.5.0+
> -----------------------------------------
>
> Key: MESOS-10230
> URL: https://issues.apache.org/jira/browse/MESOS-10230
> Project: Mesos
> Issue Type: Improvement
> Components: security
> Affects Versions: 1.11.0
> Reporter: p engels
> Priority: Minor
>
> JQuery versions between 1.2 and 3.5.0 are vulnerable to multiple
> cross-site-scripting vulnerabilities. More info can be found on JQuery's
> website:
> blog.jquery.com: [https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/]
> My organization's vulnerability scanner locates the out-of-date jquery at
> this url (sanitized for security reasons):
> [http://example.com:5050/assets/libs/jquery-3.2.1.min.js]
>
> Please remove the old version of JQuery and replace it with version 3.5.0 or
> greater. If this is already planned for a future release, please comment on
> this request with the version this will be fixed in.
>
> Keep up the good work, Apache community <3
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
