[BlueOnyx:27129] Re: Question on adm jQuery version on BO 5209R
Michael Stauber
mstauber at blueonyx.it
Thu Jul 25 14:02:44 -05 2024
Hi Herbert,
> A third party security scan found this:
Ah, Snake-Oil. :o)
> Missing Anti-Clickjacking header
>
> Vulnerable JS Library:
> name: Vulnerable JS Library | url:
> http://n.n.n.n:444/.adm/scripts/plugins-min.js
> <http://173.225.25.201:444/.adm/scripts/plugins-min.js>
> method: GET
> evidence: ,jquery:"1.7.2"
>
> Is this a problem?
> Can jQuery be updated or will that break things?
That's fine. For retaining compatibility with the old Adminica theme
we're keeping the jQuery version number the same, but it has backported
security fixes.
And no: It cannot simply be upgraded to the latest version, as that
would break stuff left and right. That's why we're using a legacy
version of jQuery for the Adminica theme with the backported fixes.
The new default Elmer theme uses a more modern jQuery from a different
directory:
https://<server>:81/.elm/vendors/bower_components/jquery/dist/jquery.min.js
--
With best regards
Michael Stauber