Difference between revisions of "Jquery Vulnerabilities"
From Documentation
m |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 6: | Line 6: | ||
{| class="wikitable" | width="100%" | {| class="wikitable" | width="100%" | ||
! <center>ZK version</center> | ! <center>ZK version</center> | ||
| − | ! <center>jQuery Status</center> | + | ! <center>Bundled jQuery Status</center> |
! <center>Fixed Vulnerabilities</center> | ! <center>Fixed Vulnerabilities</center> | ||
|- | |- | ||
| Line 27: | Line 27: | ||
| 1.10.2 with security patches | | 1.10.2 with security patches | ||
| | | | ||
| − | * [https://nvd.nist.gov/vuln/detail/CVE-2015-9251 CVE-2015-9251] ([https://tracker.zkoss.org/browse/ZK-3724 ZK- | + | * [https://nvd.nist.gov/vuln/detail/CVE-2015-9251 CVE-2015-9251] ([https://tracker.zkoss.org/browse/ZK-3724 ZK-3724]) |
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 CVE-2019-11358]([https://tracker.zkoss.org/browse/ZK-4599 ZK-4599]) | * [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 CVE-2019-11358]([https://tracker.zkoss.org/browse/ZK-4599 ZK-4599]) | ||
|} | |} | ||
You can check zk-bundled jQuery version by this js variable <code>jq.fn.jquery</code>. | You can check zk-bundled jQuery version by this js variable <code>jq.fn.jquery</code>. | ||
Latest revision as of 03:51, 21 April 2022
ZK framework includes a customized jQuery library. Replacing that bundled jQuery in ZK to solve its security vulnerability isn't an option. This is because ZK and jQuery are deeply integrated with zk-specific customizations. Also, JQuery introduces breaking changes between major versions. Simply replacing jQuery won’t work.
To address this, please upgrade ZK to a patched version or a non-affected version.
| 9.1.0 or above | 3.5.1 | |
| 9.0.0 | 1.12.4 | |
|
8.6.4.1 |
1.10.2 with security patches |
You can check zk-bundled jQuery version by this js variable jq.fn.jquery.