Page History

Retire.js is a free open source scanner for detecting the use of JavaScript libraries with known vulnerabilities.

...

I (Jacques Le Roux) just (2015-12-08) used retire.js on trunk HEAD (r1716917) and got these results:

framework\images\webapp\images\jquery\jquery-migrate-1.2.1.js has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
specialpurpose\solr\webapp\solr\js\require.js has known vulnerabilities: severity: medium; bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 http://research.insecurelabs.org/jquery/test/
specialpurpose\birt\webapp\birt\webcontent\birt\ajax\lib\prototype.js has known vulnerabilities: severity: high; CVE: CVE-2008-7220; http://www.cvedetails.com/cve/CVE-2008-7220/

...

Following are the efforts put to fix vulnerabilities detected using retire.js:

Scan Date

Ticket

Affected Version

Vulnerabilities

Fix Date

Fixed Release

Fixes

18-March-2017

Jira

server	ASF JIRA
serverId	5aa69414-a9e9-3523-82ec-879b028fb15b
key	OFBIZ-9269

Trunk

CVE-2015-9251

20-November-2017

17.12.01

jQuery upgraded

from jQuery 1.11.0 to jQuery 3.2.1

06-June-2019

Jira

server	ASF JIRA
serverId	5aa69414-a9e9-3523-82ec-879b028fb15b
key	OFBIZ-10678

16.11.05

CVE-2015-9251

CVE-2019-11358

18-June-2019

16.11.06

jQuery upgraded

from jQuery 1.11.0 to jQuery 3.4.1

06-June-2019

Jira

server	ASF JIRA
serverId	5aa69414-a9e9-3523-82ec-879b028fb15b
key	OFBIZ-10678

17.12.01, 18.12.01, Trunk

CVE-2018-14041

CVE-2019-11358

27-July-2019

17.12.01,

18.12.01

For CVE-2018-14041 Bootstrap upgraded to 4.3

For CVE-2019-11358 jQuery upgraded from jQuery 3.2.1 to jQuery 3.4.1

Space shortcuts

Child pages

Versions Compared

Old Version 3

New Version 4

Key