-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vulnerable JavaScript libraries #83
Comments
v1.9.1 (~2013 release) was the last to support IE6/7/8. there are some breaking changes between each of these major. Definitely for the moodleapp 1.9 is no good. Does anyone know of a reason not to upgrade to latest jquery? |
H5P was originally created with support for IE8 which has since been dropped. However, some of the content types are still dependant on jQuery 1.9. I believe an upgrade would require a fair amount of time with refactoring and testing. So, until now the 1.9 in H5P has been manually patched for any known issues. |
any comment on what Doing a diff against the upstream from https://code.jquery.com/jquery/, it appears the one in the h5p git repo only has 1 difference, the following is appended:
the concern is since there are known sec vulnerabilities against that version (and probably many unknown since people stopped reporting them about 5 years ago). |
Hi, from MoodleHQ we are working on fix this issue (https://tracker.moodle.org/browse/MDL-68704) and once this issue will be fixed we would like to do a pull-request in order to H5P could integrate the solution.
Cheers. |
I see this old jquery library is updated in the master branch but not in the most current release from Dec 2022. Do you know when this will be added to a release? |
This is also becoming an issue, as we have 3rd party scans that are revealing this vulnerability. Any guess as to the effort of bringing jQuery up to date here? |
The code is already updated, but hasn't yet been released. |
Security alert
Your app contains one or more libraries with known security issues. Please see this Google Help Center article for details.
Vulnerable JavaScript libraries:
Name Version Known issues Identified files
jquery 1.9.1 SNYK-npm:jquery:20110606
SNYK-npm:jquery:20150627
SNYK-JS-JQUERY-174006 assets/www/h5p/js/jquery.js
Affects APK version 30801.
Error in Moodle Mobile App 3.8.1
The text was updated successfully, but these errors were encountered: