About JQuery

About JQuery

by Mahmood Naderan -
Number of replies: 10
What is the JQuery version of moodle 3.8? Also regarding the YUI, I want to know how can I disable that in 3.8?
Average of ratings: -
In reply to Mahmood Naderan

Re: About JQuery

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
jquery 3.4.1

I don't think you can 'disable' YUI as there are still some parts that use it. It shouldn't matter. What are you trying to do?
Average of ratings: -
In reply to Howard Miller

Re: About JQuery

by Mahmood Naderan -
How can I check that?
I am looking for this CVE-2020-11022

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
Average of ratings: -
In reply to Mahmood Naderan

Re: About JQuery

by Howard Miller -
Picture of Core developers Picture of Documentation writers Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers
Ok - I'm moving this to the security and privacy forum. I have no idea if Moodle is affected by CVE-2020-11022 and/or if it has been considered.
Average of ratings: -
In reply to Howard Miller

Re: About JQuery

by Mahmood Naderan -
I see this workaround for that. https://github.com/advisories/GHSA-gxr4-xjj5-5px2 However, I don't know where should I apply that snippet.
Average of ratings: -
In reply to Mahmood Naderan

Re: About JQuery

by Thomas Ludwig -
Picture of Core developers

Is there a possibility that the latest jQuery version will be integrated into moodle in one of the next patches? Or isn't moodle affected by this vulnerability in jQuery 3.4.1 at all?

Average of ratings: -
In reply to Thomas Ludwig

Re: About JQuery

by Michael Hawkins -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Testers
Hi Thomas,

I can confirm there is already an issue logged in Tracker to upgrade jQuery to 3.5.1. Please be aware that that as per our Security Procedures, the best thing to do if you suspect Moodle or any of its third party libraries have a potential security issue, is to raise a security issue in Tracker or send us an email (rather than posting in a public forum).

Thanks.
Average of ratings: Useful (1)
In reply to Michael Hawkins

Re: About JQuery

by Franziska Hübler -

Hi Michael,

I cannot find the issue to upgrade jQuery to 3.5.1 in Tracker. Is there are special place for security tickets?


Average of ratings: -
In reply to Franziska Hübler

Re: About JQuery

by Michael Hawkins -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Testers
Hi Franziska,

In line with our responsible disclosure policy, access to security issues is restricted, so details are not publicly available until they are announced after a patch is released.
Average of ratings: -