yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1721193] Re: Outdated and vulnerable versions of Javascript libraries

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jeremy Stanley <1721193@xxxxxxxxxxxxxxxxxx>
Date: Wed, 17 Feb 2021 20:05:51 -0000
Reply-to: Bug 1721193 <1721193@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I've set our security advisory task for this to Won't Fix as it's a
class C2 report per our taxonomy (A vulnerability, but not in OpenStack
supported code, e.g., in a dependency): https://security.openstack.org
/vmt-process.html#incident-report-taxonomy

** Changed in: ossa
       Status: Incomplete => Won't Fix

** Information type changed from Public Security to Public

** Tags added: security

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1721193

Title:
  Outdated and vulnerable versions of Javascript libraries

Status in OpenStack Dashboard (Horizon):
  Incomplete
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  One or more vulnerabilities were reported for few outdated version of the Javascript libraries, used by horizon.
  Suggestion is to upgrade to the latest version.

   /dashboard/static/dashboard/js/5508d0ed7005.js
   /dashboard/static/horizon/lib/jquery/jquery.js
   /dashboard/static/horizon/lib/jquery/jquery.min.js
   /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.js
   /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.min.js
   /dashboard/static/horizon/lib/jquery_ui/ui/jquery-ui.js
   /dashboard/static/horizon/lib/jquery_ui/ui/jquery.ui.dialog.js
   /dashboard/static/horizon/lib/jquery_ui/ui/minified/jquery-ui.min.js

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1721193/+subscriptions