Hi. I have version 18.11.05 of Koha. All versions of koha 18.11.x install jquery v1.7. How can I upgrade to the latest stable version of jquery? Regards
hi Marcos
i think it's not easy to upgrade jquery as koha's jquery-ui library depends on jquery v1.7
On 25/07/19 12:08 PM, Ing. Marcos Rene Alvarez Moreno wrote:
Hi. I have version 18.11.05 of Koha. All versions of koha 18.11.x install jquery v1.7. How can I upgrade to the latest stable version of jquery?
Regards _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
hmm, it seems it's possible to run multiple versions of jquery on a page
https://stackoverflow.com/questions/1566595/can-i-use-multiple-versions-of-j...
this means that it should be possible to upgrade jquery, after all... theoretically :)
On 26/07/19 11:25 AM, Mason James wrote:
hi Marcos
i think it's not easy to upgrade jquery as koha's jquery-ui library depends on jquery v1.7
On 25/07/19 12:08 PM, Ing. Marcos Rene Alvarez Moreno wrote:
Hi. I have version 18.11.05 of Koha. All versions of koha 18.11.x install jquery v1.7. How can I upgrade to the latest stable version of jquery?
Regards
It should be possible to work without jquery at all, and almost without JavaScript.
On 25/7/19 at 2:08, Ing. Marcos Rene Alvarez Moreno wrote:
Hi. I have version 18.11.05 of Koha. All versions of koha 18.11.x install jquery v1.7. How can I upgrade to the latest stable version of jquery?
Regards
Is there a specific reason you need the latest stable version of jQuery?
You can load multiple versions of jQuery on a page using the noConflict <https://api.jquery.com/jQuery.noConflict/> method. The code might look like: call noConflict from the first version, load the second e.g. using an AJAX call, call noConflict on the second version and store a reference to it in a variable.
But it's really not worth going to all this trouble unless there's something you absolutely need in the latest version.
Best,
ERIC PHETTEPLACE
Systems Librarian (he/him)
ephetteplace@cca.edu | o 510.594.3660
5212 Broadway | Oakland, CA | 94618
:(){ :|: & };:
On Thu, Jul 25, 2019 at 11:45 PM Narcis Garcia <informatica@actiu.net> wrote:
It should be possible to work without jquery at all, and almost without JavaScript.
On 25/7/19 at 2:08, Ing. Marcos Rene Alvarez Moreno wrote:
Hi. I have version 18.11.05 of Koha. All versions of koha 18.11.x install jquery v1.7. How can I upgrade to the latest stable version of jquery?
Regards
install jquery v1.7. How can I upgrade to the latest stable version of jquery?
I would like to hear more details about why you want to upgrade jQuery. I'm not aware of a reason to do so just for the sake of having the latest version.
-- Owen
--
Web Developer
Athens County Public Libraries
https://www.myacpl.org
On 2019-07-27 9:04 p.m., Owen Leonard wrote:
install jquery v1.7. How can I upgrade to the latest stable version of jquery?
I would like to hear more details about why you want to upgrade jQuery. I'm not aware of a reason to do so just for the sake of having the latest version.
[probably off-topic for many readers]
Jumping in from a philosophically technical (or technically philosophical) perspective: maybe there are other organizations that run more than one website | database | application? We do -- in house, not "in a cloud", and a couple of years ago we invested in additional servers for this type of problem. Note that I do not remember jquery as being necessarily problematic, but various flavours of o/s, kernel, perl, apache (and its setup and dependencies), html, mysql, python, letsencrypt, maybe more... made it more straightforward and saved my sanity from an IT perspective.
We invested in a front-end server running nginx to distribute to two "main" servers (Koha, all the rest) and two backups (Koha, all the rest.) It works totally reliably, but we went from two servers ("all" plus "backup") to five. Plus the sandboxes.
Every springtime we "sandbox" the latest version of Koha, and while we always get it to function, we have never (yet!) found an easy solution to exactly this type of production capability | service and dependency version compatibility. Quite frankly, I haven't touched our production Koha in years -- it's fast and rock-solid; we love it. But at 3.8.24 probably way out of date for a "lending" library (which we are not) but brilliant for cataloguing.
Bottom line: it's a bit of an IT challenge to maintain and/or upgrade a server environment plus Koha plus other usages, from a soft- and hardware perspective. I run a charity and from a budgetary p.o.v. found it easier to dedicate additional hardware, at a static software level, to the production Koha that we rely upon.
Please note: this is *not* a recommendation, only one organization's perspective...
Best -- Paul
I would like to hear more details about why you want to upgrade jQuery.
I'm copying this out-of-thread reply because I think it's important for anyone who's watching this issue: On Wed, Jul 31, 2019 at 7:56 PM Ing. Marcos Rene Alvarez Moreno <mralvarezm@dgb.unam.mx> wrote:
The reason for updating jquery is because the jQuery library in versions prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when an Ajax request is made to other domains if the dataType option is not specified. It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251.
A direct link: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
I want to point out that one aspect of the original post in this conversation is incorrect: 18.11.x uses jQuery 2.2.3 (not 1.7).
However, the issue is the same: the fix for the vulnerability was not backported from jQuery 3 to earlier versions.
Note that there is a non-upgrading option for fixing the problem suggested here: https://github.com/jquery/jquery/issues/2432#issuecomment-403761229
Updating Koha to use jQuery 3.0 is certainly the way forward but is not an immediate fix.
Thanks for raising this issue,
-- Owen
--
Web Developer
Athens County Public Libraries
https://www.myacpl.org
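An added example, not part of the thread, the linked GitHub comment, or Koha's code: a non-upgrading mitigation for CVE-2015-9251 that registers the same kind of prefilter jQuery 3.0 itself uses, so a cross-domain response is never treated as a script just because of its Content-Type. `inferDataType` and `simulate` are a simplified, hypothetical model of jQuery's response handling so the effect can be checked without a browser.

```javascript
// Added example: a simplified model, not jQuery's or Koha's source code.

// Content-type sniffers modeled on jQuery's default ajaxSettings.contents.
function defaultContents() {
  return {
    xml: /\bxml\b/,
    html: /\bhtml/,
    json: /\bjson\b/,
    script: /\b(?:java|ecma)script\b/,
  };
}

// The mitigation: for cross-domain requests, never infer "script" from the
// response Content-Type. An explicit dataType: "script" is left untouched.
function blockCrossDomainScriptSniffing(s) {
  if (s.crossDomain) {
    s.contents.script = false;
  }
}

// Register the guard on one jQuery copy; call it for every copy a page loads
// (the thread mentions 1.7 for the OPAC and 2.2.3 for the staff client).
function installGuard(jq) {
  jq.ajaxPrefilter(blockCrossDomainScriptSniffing);
}

// Hypothetical model of how a dataType is chosen when the caller gave none.
function inferDataType(s, contentType) {
  if (s.dataType) return s.dataType;
  for (const type of Object.keys(s.contents)) {
    if (s.contents[type] && s.contents[type].test(contentType)) return type;
  }
  return "text";
}

// Run one modeled request through the given prefilters (constructed input).
function simulate(prefilters, options, contentType) {
  const s = Object.assign({ contents: defaultContents() }, options);
  prefilters.forEach((filter) => filter(s));
  const dataType = inferDataType(s, contentType);
  return { dataType, wouldExecute: dataType === "script" };
}

// In a browser, guard the global jQuery if one is present.
if (typeof jQuery !== "undefined") installGuard(jQuery);
```

The guard must be installed before any Ajax call is made, and separately on each jQuery copy when more than one is loaded via noConflict.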
On 2/08/19 1:22 AM, Owen Leonard wrote:
I would like to hear more details about why you want to upgrade jQuery.
I'm copying this out-of-thread reply because I think it's important for anyone who's watching this issue:
On Wed, Jul 31, 2019 at 7:56 PM Ing. Marcos Rene Alvarez Moreno <mralvarezm@dgb.unam.mx> wrote:
The reason for updating jquery is because the jQuery library in versions prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when an Ajax request is made to other domains if the dataType option is not specified. It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251.
A direct link: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
I want to point out that one aspect of the original post in this conversation is incorrect: 18.11.x uses jQuery 2.2.3 (not 1.7)
Koha uses both jquery versions; the reason is because staff/opac have different bootstrap versions
jquery 1.7 for opac
jquery 2.2.3 for staff
participants (6)
- Eric Phetteplace
- Ing. Marcos Rene Alvarez Moreno
- Mason James
- Narcis Garcia
- Owen Leonard
- Paul A