[MGNLSTK-1528] Security bug in STK with jquery 1.8.3
Created: 18/May/16  Updated: 16/Mar/23  Resolved: 16/Mar/23

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Blocker
Reporter: Stefano Rocca
Assignee: Unassigned
Resolution: Won't Do
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Magnolia 4.5.14 - STK 2.0.15


Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

Hi,
Our client reported a security bug in the STK library to us. We are using Magnolia 4.5.14 EE with STK module version 2.0.15. The reported security bug affects the jQuery.js 1.8.3 library. As you can see on these pages: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003 and https://bugs.jquery.com/ticket/12254 this version of the JavaScript library is affected by an XSS security bug.

We note that the last released version of the STK module also includes the jQuery 1.8.3 library.
Is there a version of the STK module that uses a newer version of the jQuery library? If one exists, can we use that STK module version for our Magnolia installation (Magnolia 4.5.14 EE)?

If I update the jQuery library to a major version (1.9+), many errors appear in the STK JS library.
Can you update the STK library with an updated jQuery version?

Our client reported another security bug to us. The affected JS library is flowplayer to 2.5.16 version. The same version of this library is used in the last version of the STK module. Can you update the STK library with an updated flowplayer JS library version?

Thanks in advance,
Stefano



 Comments   
Comment by Stefano Rocca [ 09/Jun/16 ]

Can you give me feedback on this issue, please?

Comment by Adam Jones [ 16/Mar/23 ]

Closing due to project being archived.

Generated at Mon Feb 12 07:37:26 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.