/ matomo Public
Upgrade to jQuery version 3.5.0 or above #17272
For when a question was asked and we referred to forum or answered it.
For new feature suggestions that for example enhance Matomo's cabapilities..
For issues or pull requests that should not be included in our release changelog on matomo.org.
jQuery version 2.2.4 has an XSS vulnerability.
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
See CVE-2020-11022 for details.
The text was updated successfully, but these errors were encountered: