What is the JQuery version of moodle 3.8? Also regarding the YUI, I want to know how can I disable that in 3.8?
About JQuery
Number of replies: 10Re: About JQuery
jquery 3.4.1
I don't think you can 'disable' YUI as there are still some parts that use it. It shouldn't matter. What are you trying to do?
I don't think you can 'disable' YUI as there are still some parts that use it. It shouldn't matter. What are you trying to do?
Re: About JQuery
How can I check that?
I am looking for this CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
I am looking for this CVE-2020-11022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
Re: About JQuery
Ok - I'm moving this to the security and privacy forum. I have no idea if Moodle is affected by CVE-2020-11022 and/or if it has been considered.
Re: About JQuery
I see this workaround for that.
https://github.com/advisories/GHSA-gxr4-xjj5-5px2
However, I don't know where should I apply that snippet.
Re: About JQuery
Is there a possibility that the latest jQuery version will be integrated into moodle in one of the next patches? Or isn't moodle affected by this vulnerability in jQuery 3.4.1 at all?
Re: About JQuery
Hi Thomas,
I can confirm there is already an issue logged in Tracker to upgrade jQuery to 3.5.1. Please be aware that that as per our Security Procedures, the best thing to do if you suspect Moodle or any of its third party libraries have a potential security issue, is to raise a security issue in Tracker or send us an email (rather than posting in a public forum).
I can confirm there is already an issue logged in Tracker to upgrade jQuery to 3.5.1. Please be aware that that as per our Security Procedures, the best thing to do if you suspect Moodle or any of its third party libraries have a potential security issue, is to raise a security issue in Tracker or send us an email (rather than posting in a public forum).
Thanks.
Re: About JQuery
Hi Michael,
I cannot find the issue to upgrade jQuery to 3.5.1 in Tracker. Is there are special place for security tickets?
Re: About JQuery
Hi Franziska,
In line with our responsible disclosure policy, access to security issues is restricted, so details are not publicly available until they are announced after a patch is released.
In line with our responsible disclosure policy, access to security issues is restricted, so details are not publicly available until they are announced after a patch is released.
Re: About JQuery
Is there any update on this issue?
Re: About JQuery
Hi Berengar,
I am currently working on upgrading of jQuery. Will submit issue for review soon
Ilya
I am currently working on upgrading of jQuery. Will submit issue for review soon
Ilya