Bug 1406096
| Summary: | Vulnerable JQuery Version | |||
|---|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Jared Deubel <jdeubel> | |
| Component: | Security | Assignee: | Josh Langholtz <jlanghol> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Jan Krocil <jkrocil> | |
| Severity: | low | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 5.6.0 | CC: | ckacergu, jhardy, jkrocil, jprause, jrafanie, kseifried, obarenbo, simaishi | |
| Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
| Target Release: | 5.8.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | 5.8.0.0 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1428944 (view as bug list) | Environment: | ||
| Last Closed: | 2017-06-12 17:06:11 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1428944 | |||
Tracking this for the SUI here: https://www.pivotaltracker.com/story/show/136378431 Updated SUI master branch with latest version of jQuery. See PR: https://github.com/ManageIQ/manageiq-ui-service/pull/400 Euwe PR here: https://github.com/ManageIQ/manageiq-ui-service/pull/401 New commit detected on ManageIQ/manageiq-ui-classic/fine: https://github.com/ManageIQ/manageiq-ui-classic/commit/e85a4d1e897e144f4c8a494c1e7fb012fa12e1c9 commit e85a4d1e897e144f4c8a494c1e7fb012fa12e1c9 Author: Martin Povolny <mpovolny> AuthorDate: Fri Apr 7 14:56:25 2017 +0200 Commit: Satoe Imaishi <simaishi> CommitDate: Fri Apr 7 17:58:21 2017 -0400 Merge pull request #957 from himdel/jquery22 Upgrade jQuery to ~2.2.4 (cherry picked from commit dceceb8a4bf445a8bb5cecddbd74df8727673e20) https://bugzilla.redhat.com/show_bug.cgi?id=1406096 bower.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) New commit detected on ManageIQ/manageiq/fine: https://github.com/ManageIQ/manageiq/commit/76b95d908dc73bf5ffb850b087ec295e080d5ea4 commit 76b95d908dc73bf5ffb850b087ec295e080d5ea4 Author: Martin Povolny <mpovolny> AuthorDate: Fri Apr 7 14:56:25 2017 +0200 Commit: Satoe Imaishi <simaishi> CommitDate: Fri Apr 7 18:02:46 2017 -0400 Merge pull request #957 from himdel/jquery22 Upgrade jQuery to ~2.2.4 (cherry picked from commit dceceb8a4bf445a8bb5cecddbd74df8727673e20) https://bugzilla.redhat.com/show_bug.cgi?id=1406096 bower.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Self Service UI is on jQuery 3.2.1 and regular UI is on jQuery 2.2.4. Verified in 5.8.0.12-rc1.20170425180304_4f35996. |
Description of problem: The current version of jquery in CloudForms 5.6 is v2.1.4, since there are known vulnerabilities in the product, what are the implications of updating this? Is this in the roadmap to update the version in the future? The jQuery library used by the application is v2.1.4, which has known vulnerabilities. "Hosts: https:// xaasportal.cbts.ne/assets/application-9e4f8c715b2a7ec8a901ca972cc0962c.js" Recommendation: Upgrade to the newest version of JQuery. Version-Release number of selected component (if applicable): 5.6