Uploaded image for project: 'Magnolia Standard Templating Kit (closed)'
  1. Magnolia Standard Templating Kit (closed)
  2. MGNLSTK-1528

Security bug in STK with jquery 1.8.3

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Blocker
    • None
    • None
    • None
    • None
    • Magnolia 4.5.14 - STK 2.0.15

    Description

      Hi,
      our client reported us a security bug on STK library. We are using magnolia 4.5.14 EE with STK module version 2.0.15. The reported security bug affect JQuery.js 1.8.3 library. As you can see in these page: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 and https://bugs.jquery.com/ticket/12254 this version of the javascript library is affected by XSS security bug.

      We note that also the last released version of STK module includes JQuery 1.8.3 library.
      Is there a version of STK module that uses a newer version of JQuery library? If exist, can we use this STK module version for our magnolia installation (Magnolia 4.5.14 EE)

      If I update jquery library with a major version (1.9 +), many errors appear in stk js librrary
      Can you update STK library with an updated JQuery version?

      Our client reported us another security bug. The affected js library is flowplayer to 2.5.16 version. the same version of this library is used in the last version of STK module. Can you update STK library with an updated flowplayer JS library version?

      Thanks in advance,
      Stefano

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              Unassigned Unassigned
              stefano Stefano Rocca
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: