Difference between revisions of "Jquery Vulnerabilities"

From Documentation
 
Line 27: Line 27:
 
| 1.10.2 with security patches
 
| 1.10.2 with security patches
 
|  
 
|  
* [https://nvd.nist.gov/vuln/detail/CVE-2015-9251 CVE-2015-9251] ([https://tracker.zkoss.org/browse/ZK-3724 ZK-3274])
+
* [https://nvd.nist.gov/vuln/detail/CVE-2015-9251 CVE-2015-9251] ([https://tracker.zkoss.org/browse/ZK-3724 ZK-3724])
 
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 CVE-2019-11358]([https://tracker.zkoss.org/browse/ZK-4599 ZK-4599])
 
* [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358 CVE-2019-11358]([https://tracker.zkoss.org/browse/ZK-4599 ZK-4599])
 
|}
 
|}
  
 
You can check zk-bundled jQuery version by this js variable <code>jq.fn.jquery</code>.
 
You can check zk-bundled jQuery version by this js variable <code>jq.fn.jquery</code>.

Latest revision as of 03:51, 21 April 2022

ZK framework includes a customized jQuery library. Replacing that bundled jQuery in ZK to solve its security vulnerability isn't an option. This is because ZK and jQuery are deeply integrated with zk-specific customizations. Also, JQuery introduces breaking changes between major versions. Simply replacing jQuery won’t work.

To address this, please upgrade ZK to a patched version or a non-affected version.

ZK version
Bundled jQuery Status
Fixed Vulnerabilities
9.1.0 or above 3.5.1
9.0.0 1.12.4

8.6.4.1
8.6.3.1
8.6.0.2
8.5.1.3
8.5.0.1

1.10.2 with security patches

You can check zk-bundled jQuery version by this js variable jq.fn.jquery.