jQuery 1.12.4 still in Joomla 3.9.22 Topic is solved

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

gsmela
Joomla! Explorer
Posts: 285
Joined: Thu Jun 10, 2010 12:38 pm

jQuery 1.12.4 still in Joomla 3.9.22

Post by gsmela » Mon Nov 23, 2020 4:15 pm

In checking performance on a few of my sites I'm seeing front-end JavaScript libraries with four known security vulnerabilities from jQuery@1.12.4.

What is common about the three sites in question is that all are on Joomla 3.9.22 and were created ten years ago in Joomla 1.5 and updated over the years.

How can I update that? Thank you. (I wasn't sure if this was better placed in Performance but it might be more appropriate in Security.)
Last edited by toivo on Mon Nov 23, 2020 4:47 pm, edited 1 time in total.
Reason: mod note: moved, not related to 3.x Performance - retitled

brian
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK

Re: jQuery 1.12.4 still in Joomla 3.9.22

Post by brian » Mon Nov 23, 2020 5:00 pm

The version of jQuery that is shipped with Joomla has the security fixes backported into it. You can confirm that this is the case by opening the file and you will see:

* Modified by Joomla: Mitigate possible XSS vulnerability (gh-2432), CMS Issue 19464; Prevent Object Prototype Polution, https://github.com/jquery/jquery/pull/4333
* Modified by Joomla: Mitigate possible XSS vulnerability CVE-2020-11022 and CVE-2020-11023, CMS Issue 28948; https://github.com/DanielRuf/snyk-js-jquery-565129 & https://git.drupalcode.org/project/drup ... 10079b65aa
*/
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
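
The header check described in the reply above, as an added example that is not part of the original post or Joomla's own code: it reads the top of a jQuery file, extracts the banner version a version-based scanner keys on, and lists the "Modified by Joomla" notes with the CVEs and CMS issues they name. The function names, the banner line in the sample and the idea that the notes sit within the first 4096 characters are assumptions; the file path is supplied by the caller.

```python
import re
import sys

# Constructed sample: a jQuery-style banner plus the two "Modified by Joomla"
# lines quoted in the post above (the truncated URL is kept as quoted).
SAMPLE_HEADER = """/*!
 * jQuery JavaScript Library v1.12.4
 * Modified by Joomla: Mitigate possible XSS vulnerability (gh-2432), CMS Issue 19464; Prevent Object Prototype Polution, https://github.com/jquery/jquery/pull/4333
 * Modified by Joomla: Mitigate possible XSS vulnerability CVE-2020-11022 and CVE-2020-11023, CMS Issue 28948; https://github.com/DanielRuf/snyk-js-jquery-565129 & https://git.drupalcode.org/project/drup ... 10079b65aa
 */
"""

VERSION_RE = re.compile(r"jQuery(?: JavaScript Library)? v(\d+(?:\.\d+)+)")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
ISSUE_RE = re.compile(r"CMS Issue (\d+)")
MARKER = "Modified by Joomla:"


def inspect_header(text, head_chars=4096):
    """Return the banner version and any backport notes found in the file header."""
    head = text[:head_chars]  # assumption: the notes are in the leading comment
    match = VERSION_RE.search(head)
    notes = [ln.strip(" *\t") for ln in head.splitlines() if MARKER in ln]
    joined = "\n".join(notes)
    return {
        "version": match.group(1) if match else None,
        "notes": notes,
        "cves": sorted(set(CVE_RE.findall(joined))),
        "cms_issues": sorted(set(ISSUE_RE.findall(joined))),
    }


def verdict(info):
    """Classify a version-based scanner finding against what the header says."""
    if info["version"] is None:
        return "unknown: no jQuery banner found"
    if info["notes"]:
        return "patched-copy: banner v%s carries %d backport note(s)" % (
            info["version"], len(info["notes"]))
    return "open: banner v%s has no backport note" % info["version"]


if __name__ == "__main__":
    # Pass the path of the site's jQuery file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_HEADER
    result = inspect_header(data)
    print(verdict(result), result["cves"], result["cms_issues"])
```

A "patched-copy" result only shows that the header note is present; it does not exercise the patched code paths.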


Re: jQuery 1.12.4 still in Joomla 3.9.22

Post by gsmela » Mon Nov 23, 2020 7:23 pm

Thank you!
