← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1721193] Re: Outdated and vulnerable versions of Javascript libraries

 

Horizon uses xstatic-jquery 1.12.4.1 since Sep 26 2018. 1.12.4 is the latest jquery release.
As Mathias commented above, the maintenance of xstatic-jquery is decoupled with horizon, but horizon is responsible for making horizon work with the latest stable of jquery 1.x series at least.
We now use the latest stable of jquery 1.x so I am marking it as Fix Released. (I don't mark it as Invalid as we used 1.10.x when the bug is reported.)

FYI: Note that the horizon team is considering the switch to jquery 3
but it is still on the way as we hit test failures.

** Changed in: horizon
       Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1721193

Title:
  Outdated and vulnerable versions of Javascript libraries

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  One or more vulnerabilities were reported for few outdated version of the Javascript libraries, used by horizon.
  Suggestion is to upgrade to the latest version.

   /dashboard/static/dashboard/js/5508d0ed7005.js
   /dashboard/static/horizon/lib/jquery/jquery.js
   /dashboard/static/horizon/lib/jquery/jquery.min.js
   /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.js
   /dashboard/static/horizon/lib/jquery_migrate/jquery-migrate.min.js
   /dashboard/static/horizon/lib/jquery_ui/ui/jquery-ui.js
   /dashboard/static/horizon/lib/jquery_ui/ui/jquery.ui.dialog.js
   /dashboard/static/horizon/lib/jquery_ui/ui/minified/jquery-ui.min.js

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1721193/+subscriptions