[Koha] Koha Digest, Vol 165, Issue 26

Ing. Marcos Rene Alvarez Moreno mralvarezm at dgb.unam.mx
Thu Aug 1 11:56:18 NZST 2019


Hi.

The reason for updating jQuery is that the jQuery library in versions 
prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when 
an Ajax request is made to other domains if the dataType option is 
not specified.
It is specified in "jQuery Library vulnerable to XSS - CVE-2015-9251".
So a patch should be released to cover this vulnerability for all 
versions of Koha. I am currently using version 18.11.05. Maintaining 
updated versions of the components on which Koha depends (Apache, MySQL, 
jQuery, Java, Perl, PHP, OS, etc.) allows us to have a secure system. 
Regards.

On 28/07/2019 at 07:00 p.m., koha-request at lists.katipo.co.nz wrote:
> Today's Topics:
>
>     1. Re: Update jquery (Owen Leonard)
>     2. Re: Update jquery (Paul A)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 27 Jul 2019 21:04:06 -0400
> From: Owen Leonard <oleonard at myacpl.org>
> To: koha <koha at lists.katipo.co.nz>
> Subject: Re: [Koha] Update jquery
> Message-ID:
> 	<CAO4qe2N374D_0QhcOujPXz5506pEK2tJDUw1ndRcAXS0-1HRyw at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
>> install jquery v1.7. How can I upgrade to the latest stable version of
>> jquery?
> I would like to hear more details about why you want to upgrade
> jQuery. I'm not aware of a reason to do so just for the sake of having
> the latest version.
>
>   -- Owen
>
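
The condition described in the message above (jQuery older than 3.0.0, a cross-domain Ajax request, no dataType option) can be checked for in a code base. The following Node.js script is an added example, not part of the original message or of Koha's code; the function names, the example.org hosts, the banner string and the sample calls are all constructed for illustration.

```javascript
// Added example: heuristic audit for the CVE-2015-9251 preconditions.
// Every sample input below is constructed, not taken from Koha.

// Extract the version from a jQuery banner comment, e.g. "/*! jQuery v1.7.2 ...".
function parseJqueryVersion(source) {
  const m = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?/.exec(source);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// Per the message: versions prior to 3.0.0 are affected. Unknown version -> false.
function isAffected(version) {
  return version !== null && version[0] < 3;
}

// Find $.ajax({...}) / jQuery.ajax({...}) calls whose literal url points at another
// origin and whose options object has no dataType key. Regex-based: it only sees
// flat object literals with string-literal URLs, so hits are review candidates.
function findRiskyAjaxCalls(source, pageOrigin) {
  const hits = [];
  const callRe = /(?:\$|jQuery)\.ajax\(\s*\{([^{}]*)\}/g;
  let m;
  while ((m = callRe.exec(source)) !== null) {
    const opts = m[1];
    const urlMatch = /\burl\s*:\s*(['"])(.*?)\1/.exec(opts);
    if (!urlMatch) continue;
    let target;
    try { target = new URL(urlMatch[2], pageOrigin); } catch (e) { continue; }
    const crossOrigin = target.origin !== new URL(pageOrigin).origin;
    const hasDataType = /\bdataType\s*:/.test(opts);
    if (crossOrigin && !hasDataType) {
      const line = source.slice(0, m.index).split("\n").length;
      hits.push({ line, url: urlMatch[2] });
    }
  }
  return hits;
}

const SAMPLE_BANNER = "/*! jQuery v1.7.2 jquery.com | jquery.org/license */";
const SAMPLE_CODE = [
  '$.ajax({ url: "/svc/example", type: "GET" });',                        // same origin
  '$.ajax({ url: "https://covers.example.org/isbn/123", type: "GET" });', // flagged
  '$.ajax({ url: "https://covers.example.org/isbn/456", dataType: "json" });',
].join("\n");

function auditSample() {
  return {
    affected: isAffected(parseJqueryVersion(SAMPLE_BANNER)),
    risky: findRiskyAjaxCalls(SAMPLE_CODE, "https://opac.example.org"),
  };
}
console.log(JSON.stringify(auditSample()));
```

Calls that build the URL or the options object dynamically are not seen by this scan and need manual review.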