0026357: Vulnerability from library JQuery 2.2.4 - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0026357	mantisbt	security	public	2019-11-15 03:00	2023-06-20 06:26

Reporter	jcamara	Assigned To
Priority	normal	Severity	minor	Reproducibility	N/A
Status	acknowledged	Resolution	open
Product Version	2.22.0

Summary	0026357: Vulnerability from library JQuery 2.2.4
Description	Our security department reports a pair of known vulnerabilities related with JQuery 2.2.4: https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-286394/Jquery-Jquery-2.2.4.html The suggestion is promoting JQuery version as far as possible.
Tags	No tags attached.

dregad 2019-11-15 03:20 developer ~0063096	Thanks for the report. Unfortunately, we are currently on the latest jQuery 2.x release, which is no longer receiving patches. Upgrading to 3.x is not a small undertaking, considering the number of breaking changes, and would require extensinve testing to ensure full compatibility; sadly we do not have the bandwidth for taking this on at the moment. Contributions are welcome.

related to	0021214	closed	community	Update jQuery to 2.2.4
has duplicate	0026384	closed	dregad	Outdated jquery and bootstrap copies with known vulnerabilities
has duplicate	0029305	closed	dregad	Vulnerability in JQuery 2.2.4 Library
has duplicate	0029742	closed	atrol	Multiple vulnerabilities in jquery
has duplicate	0032727	closed	dregad	jQuery XSS Vulnerability