[Koha] Update jquery

Mason James mtj at kohaaloha.com
Fri Aug 2 11:02:20 NZST 2019



On 2/08/19 1:22 AM, Owen Leonard wrote:
>> I would like to hear more details about why you want to upgrade jQuery.
> I'm copying this out-of-thread reply because I think it's important
> for anyone who's watching this issue:
>
> On Wed, Jul 31, 2019 at 7:56 PM Ing. Marcos Rene Alvarez Moreno
> <mralvarezm at dgb.unam.mx> wrote:
>
>> The reason for updating jQuery is that the jQuery library in versions
>> prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when
>> an Ajax request is made to other domains if the dataType option is
>> not specified.
>> It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251.
> A direct link: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
>
> I want to point out that one aspect of the original post in this
> conversation is incorrect: 18.11.x uses jQuery 2.2.3 (not 1.7)

Koha uses both jQuery versions; the reason is that staff/OPAC have different Bootstrap versions

jQuery 1.7 for OPAC
jQuery 2.2.3 for staff
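
Added example, not part of the message above and not Koha or jQuery project code: a mitigation for the CVE-2015-9251 behaviour described in the thread, for pages that still load jQuery 1.7 or 2.2.3. It registers an Ajax prefilter so that a cross-domain response is not auto-detected as script when no `dataType` is given. The function names are hypothetical; `ajaxPrefilter`, `crossDomain`, `contents` and `fn.jquery` are jQuery's own.

```javascript
"use strict";

// True when a jQuery version string is prior to 3.0.0, the range the thread
// cites for CVE-2015-9251. Pre-releases of 3.0.0 count as prior.
function isBefore300(version) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(-.+)?$/.exec(String(version).trim());
  if (!m) {
    throw new TypeError("unparseable jQuery version: " + version);
  }
  const major = Number(m[1]);
  const minor = Number(m[2]);
  const patch = Number(m[3] || 0);
  const preRelease = Boolean(m[4]);
  if (major !== 3) {
    return major < 3;
  }
  return minor === 0 && patch === 0 && preRelease;
}

// Hypothetical helper: pass the page's jQuery object (e.g. window.jQuery).
// Returns true if the prefilter was installed, false if the loaded version
// is 3.0.0 or later and needs no workaround.
function disableCrossDomainScriptSniffing(jq) {
  if (!isBefore300(jq.fn.jquery)) {
    return false;
  }
  jq.ajaxPrefilter(function (s) {
    // s.contents maps data types to Content-Type patterns; a falsy entry
    // is skipped, so a text/javascript reply from another origin is no
    // longer treated as script unless the caller asked for dataType "script".
    if (s.crossDomain && s.contents) {
      s.contents.script = false;
    }
  });
  return true;
}

// In a template, immediately after jQuery is loaded:
//   disableCrossDomainScriptSniffing(window.jQuery);
```

Setting an explicit `dataType` on every cross-domain `$.ajax` call has the same effect per call; the prefilter covers calls that omit it.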









