This is an automated email from the ASF dual-hosted git repository.
holivier pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new da69049 Fixed: Check embedded Javascript libs vulnerabilities using retire.js (OFBIZ-11752)
da69049 is described below
commit da690493f9add640b783abef4f4d821c2b792bff
Author: holivier <[hidden email]>
AuthorDate: Wed Jun 17 14:34:51 2020 +0200
Fixed: Check embedded Javascript libs vulnerabilities using retire.js
(OFBIZ-11752)
Upgraded jQuery to 3.5.2 and jQuery migrate to 3.3.0 to vulnerabilities
of medium severity
Regex in its jQuery.htmlPrefilter sometimes may introduce XSS;
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
change in HelpScreen.xml
---
framework/common/widget/HelpScreens.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/framework/common/widget/HelpScreens.xml b/framework/common/widget/HelpScreens.xml
index 53785b2..4002b7e 100644
--- a/framework/common/widget/HelpScreens.xml
+++ b/framework/common/widget/HelpScreens.xml
@@ -38,8 +38,8 @@ under the License.
<screen name="ShowHelp">
<section>
<actions>
- <set field="layoutSettings.javaScripts[]" value="/common/js/jquery/jquery-3.4.1.min.js" global="true"/>
- <set field="layoutSettings.javaScripts[]" value="/common/js/jquery/jquery-migrate-3.0.0.min.js" global="true"/>
+ <set field="layoutSettings.javaScripts[]" value="/common/js/jquery/jquery-3.5.1.min.js" global="true"/>
+ <set field="layoutSettings.javaScripts[]" value="/common/js/jquery/jquery-migrate-3.3.0.min.js" global="true"/>
<set field="layoutSettings.javaScripts[]" value="/common/js/jquery/plugins/browser-plugin/jquery.browser-0.1.0.min.js" global="true"/>
<set field="layoutSettings.javaScripts[]" value="/common/js/jquery/ui/jquery-ui-1.12.1.min.js" global="true"/>
</actions>
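Review bot: The two added lines in the ShowHelp actions load jquery-3.5.1.min.js, while the commit message says jQuery was upgraded to 3.5.2, and the message names HelpScreen.xml where the file touched is HelpScreens.xml; please align the message with what is actually shipped so that anyone auditing the retire.js finding can match the commit to the library version. The diffstat also shows only this one file changed, so the referenced jquery-3.5.1.min.js and jquery-migrate-3.3.0.min.js must already exist under /common/js/jquery/ for the help screen to load; worth confirming that, and that no other screen still references jquery-3.4.1.min.js or jquery-migrate-3.0.0.min.js. Because the version number is hardcoded in each path, consider defining the jQuery and jQuery Migrate paths once and referencing them from the screens, so the next security upgrade cannot leave a stale, vulnerable copy wired into a single screen such as this one.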