Re: [dspace-tech] jQuery 1.6.2

2016-03-15 Thread Ilja Sidoroff
raspace.org > ] > *Sent:* Thursday, March 10, 2016 1:59 PM > *To:* dspac...@googlegroups.com > *Subject:* Re: [dspace-tech] jQuery 1.6.2 > > Hi Ilja, > > Yes, we'd encourage a Pull Request if you are willing. Thanks for making > us aware of this. > > - Tim > >

Re: [dspace-tech] jQuery 1.6.2

2016-03-15 Thread Ilja Sidoroff
ent:* Thursday, March 10, 2016 1:59 PM > *To:* dspac...@googlegroups.com > *Subject:* Re: [dspace-tech] jQuery 1.6.2 > > Hi Ilja, > > Yes, we'd encourage a Pull Request if you are willing. Thanks for making > us aware of this. > > - Tim > > On 3/8/2016 6:55

RE: [dspace-tech] jQuery 1.6.2

2016-03-11 Thread Pottinger, Hardy J.
m/npm/node-semver [4] https://jira.duraspace.org/browse/DS-3099 From: dspace-tech@googlegroups.com [dspace-tech@googlegroups.com] on behalf of Tim Donohue [tdono...@duraspace.org] Sent: Thursday, March 10, 2016 1:59 PM To: dspace-tech@googlegroups.com Subject: Re: [d

Re: [dspace-tech] jQuery 1.6.2

2016-03-10 Thread Tim Donohue
Hi Ilja, Yes, we'd encourage a Pull Request if you are willing. Thanks for making us aware of this. - Tim On 3/8/2016 6:55 AM, Ilja Sidoroff wrote: A routine system scan by our IT department noticed that the mirage theme uses jQuery version 1.6.2, which is vulnerable to an XSS attack [1]. I do

[dspace-tech] jQuery 1.6.2

2016-03-08 Thread Ilja Sidoroff
A routine system scan by our IT department noticed that the mirage theme uses jQuery version 1.6.2, which is vulnerable to an XSS attack [1]. I don't know if this is actually exploitable in DSpace, but anyway it seems that this is fixable by simply bumping the version to 1.6.4. Is it worth making a