Indeed that makes sense Jacques. I checked we no longer use
bootstrap-select plugin so removed it as an initial step.
https://github.com/apache/ofbiz-site/commit/eec3090d837d6e931271596a48dca6e6c4a9aedbofbiz-site passes the checks now
https://github.com/apache/ofbiz-site/network/alertshttps://github.com/apache/ofbiz-siteI further plan to check and upgrade libraries to more recent versions
further.
Thanks and Regards,
Aditya Sharma
On Thu, Sep 3, 2020 at 2:34 PM Jacques Le Roux <
[hidden email]>
wrote:
> Thanks Aditya,
>
> We could think that it's not a big deal since it's only a static site. But
> if we were defaced that would not look great ;)
>
> Jacques
>
> Le 03/09/2020 à 08:24, Aditya Sharma a écrit :
> > Hi Jacques,
> >
> > I think the dependency is related to bootstrap-select plugin.
> >
>
https://github.com/apache/ofbiz-site/network/alert/js/plugins/bootstrap-select/package.json/jquery/open> >
> > We might not be affected, though I will have a deeper look into it soon.
> >
> > Thanks and regards,
> > Aditya Sharma
> >
> >
> > On Wed, Sep 2, 2020 at 10:53 PM Jacques Le Roux <
> >
[hidden email]> wrote:
> >
> >> Hi,
> >>
> >> I received an alert from GitHub Advisory <
https://github.com/advisories> >
> >> about OFBiz site and [CVE-2017-16011] "Cross-Site Scripting in jQuery"
> >>
> >> Could someone test if updating to jQuery 1.9 would work?
> >>
> >> I could then, or anyone ready for that, upgrade the OFBiz site to use
> >> jQuery 1.9
> >>
> >> Thanks
> >>
> >> Jacques
> >>
> >>
>
Locked
