Comment: Added information about the latest retirejs scan

Retire.js is a free open source scanner for detecting the use of JavaScript libraries with known vulnerabilities.

Links to get a better insight:

  1. http://retirejs.github.io/retire.js/
  2. https://github.com/RetireJS/retire.js/
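To show what such a scan actually checks, here is an added example in JavaScript; it is not code from the OFBiz project or from Retire.js itself. It performs the two steps a scanner of this kind carries out for every JavaScript file: identify the library and its version (here from the file name or the banner comment), then match that version against an advisory table and report each issue whose range it falls into. The advisory table is constructed for the example: its identifiers are the ones recorded on this page, while the "below" thresholds (the upstream releases that fixed each issue) and the banner-comment format of jQuery and Bootstrap are assumptions taken from the vendors, not from the page.

```javascript
// Added example for this page; not code from the OFBiz project or from Retire.js.
// Step 1 identifies a library and version from a file, step 2 matches that
// version against advisory ranges. Run with: node scan-example.js

// Advisory table constructed for the example. Identifiers are the ones recorded
// on this page; "below" is the upstream release that fixed the issue (assumed
// from the vendor advisories, not taken from the page).
const ADVISORIES = {
  jquery: [
    { id: 'CVE-2015-9251', below: '3.0.0', severity: 'medium',
      summary: 'cross-domain ajax without dataType executes text/javascript responses' },
    { id: 'CVE-2019-11358', below: '3.4.0', severity: 'medium',
      summary: 'jQuery.extend prototype pollution' },
    { id: 'jQuery.htmlPrefilter XSS (fixed in 3.5.0)', below: '3.5.0', severity: 'medium',
      summary: 'Regex in its jQuery.htmlPrefilter sometimes may introduce XSS',
      info: 'https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/' },
  ],
  bootstrap: [
    { id: 'CVE-2018-14041', below: '4.1.2', severity: 'medium',
      summary: 'XSS in the data-target attribute of scrollspy' },
  ],
};

// Numeric dotted-version comparison returning -1, 0 or 1. Missing parts count
// as 0, so "3.4" equals "3.4.0" and "3.10.0" sorts above "3.9.1" (a plain
// string comparison would get that wrong).
function compareVersions(a, b) {
  const pa = a.split('.').map((p) => parseInt(p, 10) || 0);
  const pb = b.split('.').map((p) => parseInt(p, 10) || 0);
  const len = Math.max(pa.length, pb.length);
  for (let i = 0; i < len; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// A version is affected when it is below the fixed release and, if the advisory
// carries an "atOrAbove" bound, not older than the release that introduced the bug.
function isAffected(version, advisory) {
  if (compareVersions(version, advisory.below) >= 0) return false;
  if (advisory.atOrAbove && compareVersions(version, advisory.atOrAbove) < 0) return false;
  return true;
}

// Step 1: identify library and version from the file name ("jquery-1.11.0.min.js")
// or from the banner comment ("/*! jQuery v3.2.1 ..." / "/*!\n * Bootstrap v4.3.1").
// Both patterns are assumptions about the vendors' packaging conventions.
function detectComponent(fileName, source) {
  const byName = /(jquery|bootstrap)[-.]v?(\d+\.\d+\.\d+)(\.min)?\.js$/i.exec(fileName);
  if (byName) return { component: byName[1].toLowerCase(), version: byName[2] };
  const byBanner = /\/\*!\s*\*?\s*(jQuery|Bootstrap)\s+v(\d+\.\d+\.\d+)/i.exec(source || '');
  if (byBanner) return { component: byBanner[1].toLowerCase(), version: byBanner[2] };
  return null;
}

// Step 2: report every advisory the detected version falls into.
function scanComponent({ component, version }) {
  return (ADVISORIES[component] || [])
    .filter((adv) => isAffected(version, adv))
    .map((adv) => ({ component, version, id: adv.id, severity: adv.severity,
                     summary: adv.summary, fixedIn: adv.below }));
}

// Scan a set of files (name plus source text) and collect all findings.
function scanFiles(files) {
  const findings = [];
  for (const { name, source } of files) {
    const detected = detectComponent(name, source);
    if (!detected) continue;
    for (const f of scanComponent(detected)) findings.push({ file: name, ...f });
  }
  return findings;
}

// Ids of the advisories one component version matches (used by the demo below).
function idsFor(component, version) {
  return scanComponent({ component, version }).map((f) => f.id);
}

// Constructed sample input: the jQuery versions that appear in the fix table on
// this page, a Bootstrap file identified only by its banner, and an unrelated file.
const SAMPLE_FILES = [
  { name: 'jquery-1.11.0.min.js', source: '' },
  { name: 'jquery.min.js', source: '/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */' },
  { name: 'jquery-3.4.1.js', source: '' },
  { name: 'vendor.js', source: '/*!\n * Bootstrap v4.3.1 (https://getbootstrap.com/)\n */' },
  { name: 'app.js', source: 'console.log("no library here");' },
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanFiles(SAMPLE_FILES)) {
    console.log(`${f.file}: ${f.component} ${f.version} -> ${f.id} [${f.severity}], fixed in ${f.fixedIn}`);
  }
}
```

Run against the sample files, jQuery 1.11.0 produces three findings, 3.2.1 two and 3.4.1 one, which matches the sequence of upgrades recorded in the table on this page: each upgrade clears the advisories whose fixed release it reaches, and only the move to 3.5.0 clears the htmlPrefilter issue. Bootstrap 4.3.1 produces no finding because it is above the 4.1.2 threshold. A real scanner differs mainly in scale (a large, maintained advisory database and many more detection patterns, including content hashes), not in the logic shown here.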

The following table records the fixes made for the vulnerabilities that Retire.js scans detected:

| Scan Date | Ticket | Affected Version | Vulnerabilities | Fix Date | Fixed Release | Fixes |
|---|---|---|---|---|---|---|
| 18-March-2017 | OFBIZ-9269 | Trunk | CVE-2015-9251 | 20-November-2017 | 17.12.01 | jQuery upgraded from jQuery 1.11.0 to jQuery 3.2.1 |
| 06-June-2019 | OFBIZ-10678 | 16.11.05 | CVE-2015-9251, CVE-2019-11358 | 18-June-2019 | 16.11.06 | jQuery upgraded from jQuery 1.11.0 to jQuery 3.4.1 |
| 06-June-2019 | OFBIZ-10678 | 17.12.01, 18.12.01, Trunk | CVE-2018-14041, CVE-2019-11358 | 27-July-2019 | 17.12.01, 18.12.01 | For CVE-2018-14041 Bootstrap upgraded to 4.3; for CVE-2019-11358 jQuery upgraded from jQuery 3.2.1 to jQuery 3.4.1 |
| 29-May-2020 | OFBIZ-11752 | 17.12.01, 18.12.01, Trunk | Severity: medium. Summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ | | | |