Details
-
Bug
-
Resolution: Won't Do
-
Blocker
-
None
-
None
-
None
-
None
-
Magnolia 4.5.14 - STK 2.0.15
-
-
Empty show more show less
Description
Hi,
our client reported us a security bug on STK library. We are using magnolia 4.5.14 EE with STK module version 2.0.15. The reported security bug affect JQuery.js 1.8.3 library. As you can see in these page: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 and https://bugs.jquery.com/ticket/12254 this version of the javascript library is affected by XSS security bug.
We note that also the last released version of STK module includes JQuery 1.8.3 library.
Is there a version of STK module that uses a newer version of JQuery library? If exist, can we use this STK module version for our magnolia installation (Magnolia 4.5.14 EE)
If I update jquery library with a major version (1.9 +), many errors appear in stk js librrary
Can you update STK library with an updated JQuery version?
Our client reported us another security bug. The affected js library is flowplayer to 2.5.16 version. the same version of this library is used in the last version of STK module. Can you update STK library with an updated flowplayer JS library version?
Thanks in advance,
Stefano