Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JQuery: Upgrade to 3.4.1 #4747

Closed
melloware opened this issue Apr 20, 2019 · 11 comments

Comments

Projects
None yet
6 participants
@melloware
Copy link
Contributor

commented Apr 20, 2019

JQuery 3.4.0 Released!

https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

This will also allow us to finish CSP without a custom fix. #3505

tandraschko added a commit that referenced this issue Apr 22, 2019

@tandraschko tandraschko added this to the 7.1 milestone Apr 22, 2019

melloware added a commit to melloware/primefaces that referenced this issue May 2, 2019

@melloware

This comment has been minimized.

Copy link
Contributor Author

commented May 2, 2019

PR Submitted.

tandraschko added a commit that referenced this issue May 2, 2019

@cristiantm

This comment has been minimized.

Copy link

commented May 10, 2019

Any plans to release this sooner as a public version, considering CVE-2019-11358 that affects jQuery<3.4?
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11358

@melloware

This comment has been minimized.

Copy link
Contributor Author

commented May 10, 2019

@mertsincan Any thoughts to merge into Elite 7.0.2 since this is a CVE?

@cristiantm

This comment has been minimized.

Copy link

commented May 14, 2019

@mertsincan Any thoughts to merge into Elite 7.0.2 since this is a CVE?

I would add the question if there is any policy to release extra public versions in case of CVEs. I do understand Elite is the version for getting maintenance and new features earlier, but is ther any exception for CVEs?

@mertsincan mertsincan added the 7.0.4 label May 21, 2019

@mertsincan mertsincan changed the title JQuery: Upgrade to 3.4.0 JQuery: Upgrade to 3.4.1 May 21, 2019

@melloware

This comment has been minimized.

Copy link
Contributor Author

commented May 22, 2019

We should probably add the security label to this ticket since it addresses a major CVE in Jquery.

@xxaaxxaa

This comment has been minimized.

Copy link

commented Jun 4, 2019

Does the tag 7.0.4 means itwill be relaese w 7.0.4 ? when ?

@melloware

This comment has been minimized.

Copy link
Contributor Author

commented Jun 4, 2019

Yes 7.0.4 means it will be in Elite 7.0.4 . I would expect it out sometime in the next 2 weeks.

@xxaaxxaa

This comment has been minimized.

Copy link

commented Jun 10, 2019

can elaborate what is the plan to finish CSP now that v7 supports JQuery 3.4.1 ?

@melloware

This comment has been minimized.

Copy link
Contributor Author

commented Jun 10, 2019

I can't speak for @tandraschko but there are still two open tickets around its implementation:
#4787
#3505

@tandraschko

This comment has been minimized.

Copy link
Member

commented Jun 10, 2019

no idea whats left - i think just #4787 is open
maybe @cnsgithub can give some thoughts whats left?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.