JQuery version

Submitted by bez.lashkari on Thu, 06/27/2019 - 04:24
Forums: 
General discussion

Hi,

We've recently had some pen testing carried out on the site.  One identified vulnerability is to do with JQuery version that ships with H5P.

I've attached an image detailing the old JQuery versions and the path to it.  The pen testers said:

"Please note that the version 1 and 2 branches of jQuery are now unsupported, and as such will no longer receive any future security updates. Consider upgrading the website to the latest stable version of jQuery."

Do you have any releases or plans to mitigate these vulnerabilities?

Thanks,

Bez

Attachments: 
Image icon Screenshot 2019-06-27 at 09.21.02.png
Summary: 
Old versions of JQuery library

Jack Everard

Fri, 08/16/2019 - 14:18

Hi 

Are there any updates on this query? It relates to ongoing penetration testing. 

Many thanks 

Jack