[BlueOnyx:27130] Re: Question on adm jQuery version on BO 5209R

Herbert Rubin herbr at pfinders.com
Thu Jul 25 14:19:37 -05 2024


Thanks Michael for the info.

Herb


On Thu, Jul 25, 2024 at 12:16 PM Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it> wrote:

> Hi Herbert,
>
> > A third party security scan found this:
>
> Ah, Snake-Oil. :o)
>
> > Missing Anti-Clickjacking header
> >
> > Vulnerable JS Library:
> > name: Vulnerable JS Library | url:
> > http://n.n.n.n:444/.adm/scripts/plugins-min.js
> > <http://173.225.25.201:444/.adm/scripts/plugins-min.js>
> > method: GET
> > evidence: ,jquery:"1.7.2"
> >
> > Is this a problem?
> > Can jQuery be updated or will that break things?
>
> That's fine. For retaining compatibility with the old Adminica theme
> we're keeping the jQuery version number the same, but it has backported
> security fixes.
>
> And no: It cannot simply be upgraded to the latest version, as that
> would break stuff left and right. That's why we're using a legacy
> version of jQuery for the Adminica theme with the backported fixes.
>
> The new default Elmer theme uses a more modern jQuery from a different
> directory:
>
> https://<server>:81/.elm/vendors/bower_components/jquery/dist/jquery.min.js
>
> --
> With best regards
>
> Michael Stauber
>
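The reply above turns on a banner match such as `,jquery:"1.7.2"` being unable to tell a stock build from one carrying backported fixes. The following is an added example, not code from BlueOnyx or from the scanner, that triages such a finding by comparing the served file with the stock release; the sample file contents and the `flaggedBelow` threshold are constructed for illustration.

```javascript
const crypto = require("crypto");

// Extract the version the same way the scan's evidence line does: ,jquery:"1.7.2"
function bannerVersion(source) {
  const m = /\bjquery:\s*"(\d+(?:\.\d+)+)"/.exec(source);
  return m ? m[1] : null;
}

// Numeric, component-wise comparison of dotted version strings.
function versionLessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

function sha256(text) {
  return crypto.createHash("sha256").update(text, "utf8").digest("hex");
}

// flaggedBelow is a hypothetical scanner rule: "versions below this are vulnerable".
// stockSource is the unmodified upstream file for the version the banner claims.
function triage(servedSource, stockSource, flaggedBelow) {
  const version = bannerVersion(servedSource);
  if (version === null) return { version, verdict: "no-banner" };
  if (!versionLessThan(version, flaggedBelow)) return { version, verdict: "not-flagged" };
  // Banner is in the flagged range. A banner-only scanner stops here.
  // A build that differs from stock may carry backports and needs vendor confirmation.
  const modified = sha256(servedSource) !== sha256(stockSource);
  return { version, verdict: modified ? "modified-build" : "stock-build" };
}

// Constructed stand-ins for a stock file and a vendor-patched file (not real jQuery code).
const STOCK_SAMPLE = 'var p={init:function(){},jquery:"1.7.2",length:0};function parse(h){return h}';
const PATCHED_SAMPLE = 'var p={init:function(){},jquery:"1.7.2",length:0};function parse(h){return clean(h)}';

console.log(triage(STOCK_SAMPLE, STOCK_SAMPLE, "3.5.0"));   // stock build: finding stands
console.log(triage(PATCHED_SAMPLE, STOCK_SAMPLE, "3.5.0")); // same banner, different content
```

A `modified-build` verdict only shows the file is not the stock release; which fixes it contains still has to come from the vendor's changelog or package history.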