Bug 1428944

Summary: Vulnerable JQuery Version
Product: Red Hat CloudForms Management Engine
Reporter: Satoe Imaishi <simaishi>
Component: Security
Assignee: Martin Hradil <mhradil>
Status: CLOSED ERRATA
QA Contact: Matouš Mojžíš <mmojzis>
Severity: low
Docs Contact:
Priority: unspecified
Version: 5.6.0
CC: ckacergu, jhardy, jprause, jrafanie, kseifried, mfalesni, obarenbo, simaishi
Target Milestone: GA
Keywords: ZStream
Target Release: 5.7.3
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: 5.7.3.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1406096
Environment:
Last Closed: 2017-06-28 14:57:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: CFME Core
Target Upstream Version:
Embargoed:
Bug Depends On: 1406096
Bug Blocks:

Comment 2 Satoe Imaishi 2017-03-03 16:36:01 UTC
PR: https://github.com/ManageIQ/manageiq-ui-service/pull/554

Comment 3 Satoe Imaishi 2017-04-06 21:23:36 UTC
Re-opening as we needed to lock jquery at 2.1.4 for classic-ui:
https://github.com/ManageIQ/manageiq/pull/14200

Comment 4 Satoe Imaishi 2017-04-06 21:24:25 UTC
Meant to say "~2.1.4".

Comment 7 CFME Bot 2017-04-07 12:58:48 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/61a9f6f3ba6c2ad3d4cb2d8b044a8fb09d48bbe6

commit 61a9f6f3ba6c2ad3d4cb2d8b044a8fb09d48bbe6
Author:     Martin Hradil <mhradil>
AuthorDate: Fri Apr 7 10:33:53 2017 +0000
Commit:     Martin Hradil <mhradil>
CommitDate: Fri Apr 7 10:33:53 2017 +0000

    Upgrade jQuery to ~2.2.4
    
    (2.2 being the latest non-3.* jQuery)
    
    This is mostly so that we can backport this to fine, master will be upgraded to 3.* hopefully soon.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1428944

 bower.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 9 CFME Bot 2017-04-28 22:05:54 UTC
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/4f323f62e0462b41e2c14f20bce83491da1da772

commit 4f323f62e0462b41e2c14f20bce83491da1da772
Author:     Martin Povolny <mpovolny>
AuthorDate: Fri Apr 7 14:56:25 2017 +0200
Commit:     Satoe Imaishi <simaishi>
CommitDate: Fri Apr 28 18:01:05 2017 -0400

    Merge pull request #957 from himdel/jquery22
    
    Upgrade jQuery to ~2.2.4
    (cherry picked from commit dceceb8a4bf445a8bb5cecddbd74df8727673e20)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1428944

 bower.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 10 Matouš Mojžíš 2017-06-12 09:40:18 UTC
Verified in 5.7.3.1. Requirement file needs jquery 2.2.4 now.

Comment 12 errata-xmlrpc 2017-06-28 14:57:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1601