[Koha] Koha Digest, Vol 165, Issue 26
Ing. Marcos Rene Alvarez Moreno
mralvarezm at dgb.unam.mx
Thu Aug 1 11:56:18 NZST 2019
Hi.
The reason for updating jquery is because the jQuery library in versions
prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when
a request is made type Ajax to other domains if the dataType option is
not specified.
It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251.
So a patch should be released to cover this vulnerability for all
versions of koha. I am currently using the version 18.11.05 Maintaining
updated versions of the components on which koha depends (apache, mysql,
jquery, java, perl, php, OS, etc.) allows us to have a secure system.
Regards.
El 28/07/2019 a las 07:00 p. m., koha-request at lists.katipo.co.nz escribió:
> Send Koha mailing list submissions to
> koha at lists.katipo.co.nz
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.katipo.co.nz/mailman/listinfo/koha
> or, via email, send a message with subject or body 'help' to
> koha-request at lists.katipo.co.nz
>
> You can reach the person managing the list at
> koha-owner at lists.katipo.co.nz
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Koha digest..."
>
>
> Today's Topics:
>
> 1. Re: Update jquery (Owen Leonard)
> 2. Re: Update jquery (Paul A)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 27 Jul 2019 21:04:06 -0400
> From: Owen Leonard <oleonard at myacpl.org>
> To: koha <koha at lists.katipo.co.nz>
> Subject: Re: [Koha] Update jquery
> Message-ID:
> <CAO4qe2N374D_0QhcOujPXz5506pEK2tJDUw1ndRcAXS0-1HRyw at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
>> install jquery v1.7. How can I upgrade to the latest stable version of
>> jquery?
> I would like to hear more details about why you want to upgrade
> jQuery. I'm not aware of a reason to do so just for the sake of having
> the latest version.
>
> -- Owen
>
--
More information about the Koha
mailing list