Bug 1428944 - Vulnerable JQuery Version
Summary: Vulnerable JQuery Version
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Security
Version: 5.6.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: low
Target Milestone: GA
Target Release: 5.7.3
Assignee: Martin Hradil
QA Contact: Matouš Mojžíš
URL:
Whiteboard:
Depends On: 1406096
Blocks:
Reported: 2017-03-03 16:31 UTC by Satoe Imaishi
Modified: 2020-09-10 10:16 UTC

Fixed In Version: 5.7.3.1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1406096
Environment:
Last Closed: 2017-06-28 14:57:56 UTC
Category: ---
Cloudforms Team: CFME Core
Target Upstream Version:




Links
System: Red Hat Product Errata
ID: RHSA-2017:1601
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: CFME 5.7.3 security, bug fix and enhancement update
Last Updated: 2017-06-28 18:51:52 UTC

Comment 2 Satoe Imaishi 2017-03-03 16:36:01 UTC
PR: https://github.com/ManageIQ/manageiq-ui-service/pull/554

Comment 3 Satoe Imaishi 2017-04-06 21:23:36 UTC
Re-opening as we needed to lock jquery at 2.1.4 for classic-ui:
https://github.com/ManageIQ/manageiq/pull/14200

Comment 4 Satoe Imaishi 2017-04-06 21:24:25 UTC
Meant to say "~2.1.4".

Comment 7 CFME Bot 2017-04-07 12:58:48 UTC
New commit detected on ManageIQ/manageiq-ui-classic/master:
https://github.com/ManageIQ/manageiq-ui-classic/commit/61a9f6f3ba6c2ad3d4cb2d8b044a8fb09d48bbe6

commit 61a9f6f3ba6c2ad3d4cb2d8b044a8fb09d48bbe6
Author:     Martin Hradil <mhradil@redhat.com>
AuthorDate: Fri Apr 7 10:33:53 2017 +0000
Commit:     Martin Hradil <mhradil@redhat.com>
CommitDate: Fri Apr 7 10:33:53 2017 +0000

    Upgrade jQuery to ~2.2.4
    
    (2.2 being the latest non-3.* jQuery)
    
    This is mostly so that we can backport this to fine, master will be upgraded to 3.* hopefully soon.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1428944

 bower.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 9 CFME Bot 2017-04-28 22:05:54 UTC
New commit detected on ManageIQ/manageiq/euwe:
https://github.com/ManageIQ/manageiq/commit/4f323f62e0462b41e2c14f20bce83491da1da772

commit 4f323f62e0462b41e2c14f20bce83491da1da772
Author:     Martin Povolny <mpovolny@redhat.com>
AuthorDate: Fri Apr 7 14:56:25 2017 +0200
Commit:     Satoe Imaishi <simaishi@redhat.com>
CommitDate: Fri Apr 28 18:01:05 2017 -0400

    Merge pull request #957 from himdel/jquery22
    
    Upgrade jQuery to ~2.2.4
    (cherry picked from commit dceceb8a4bf445a8bb5cecddbd74df8727673e20)
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1428944

 bower.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comment 10 Matouš Mojžíš 2017-06-12 09:40:18 UTC
Verified in 5.7.3.1. Requirement file needs jquery 2.2.4 now.

Comment 12 errata-xmlrpc 2017-06-28 14:57:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:1601

