
Retire.js is a free open source scanner for detecting the use of JavaScript libraries with known vulnerabilities.

Links for more information:

  1. http://retirejs.github.io/retire.js/
  2. https://github.com/RetireJS/retire.js/


The following efforts were made to fix vulnerabilities detected using retire.js:

| Scan Date | Ticket | Affected Version | Vulnerabilities | Fix Date | Fixed Release | Fixes |
|---|---|---|---|---|---|---|
| 18-March-2017 | | Trunk | CVE-2015-9251 | 20-November-2017 | 17.12.01 | jQuery upgraded from jQuery 1.11.0 to jQuery 3.2.1 |
| 06-June-2019 | | 16.11.05 | CVE-2015-9251, CVE-2019-11358 | 18-June-2019 | 16.11.06 | jQuery upgraded from jQuery 1.11.0 to jQuery 3.4.1 |
| 06-June-2019 | | 17.12.01, 18.12.01, Trunk | CVE-2018-14041, CVE-2019-11358 | 27-July-2019 | 17.12.01, 18.12.01 | For CVE-2018-14041 Bootstrap upgraded to 4.3. For CVE-2019-11358 jQuery upgraded from jQuery 3.2.1 to jQuery 3.4.1 |
| 29-May-2020 | | 17.12.01, 18.12.01, Trunk | Severity: medium. Summary: Regex in its jQuery.htmlPrefilter sometimes may introduce XSS; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ | 16-June-2020, 12-June-2020 | 17.12.04, 18.12.01 | jQuery upgraded from jQuery 3.4.1 to jQuery 3.5.1 |