[jira] [Updated] (MSKINS-203) CVEs in generated maven site with maven-fluido-skin

Fri, 06 Jan 2023 04:08:07 -0800 


     [ 
https://issues.apache.org/jira/browse/MSKINS-203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

jycr updated MSKINS-203:
------------------------
    Description: 
Generated Maven site (with ) affected by following CVE:

* [CVE-2015-9251|https://nvd.nist.gov/vuln/detail/cve-2015-9251]
* [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
* [CVE-2020-11022|https://nvd.nist.gov/vuln/detail/CVE-2020-11022]
* [CVE-2020-11023|https://nvd.nist.gov/vuln/detail/CVE-2020-11023]

Those CVEs are regarding jQuery version used by this skin: jQuery 1.11.2

An upgrade of jQuery is needed to use jQuery version >= 3.5.0

Unfortunately, Bootstrap 2.3.2 does not support jQuery 3+

An upgrade of Bootstrap is needed to use Bootstrap version >= 3.3.7

Some modifications is needed, see: https://getbootstrap.com/docs/3.4/migration/

Please note: Bootstrap 2 is under Apache License, Bootstrap 3 is under MIT 
License

  was:
Generated Maven site affected by following CVE:

* [CVE-2015-9251|https://nvd.nist.gov/vuln/detail/cve-2015-9251]
* [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
* [CVE-2020-11022|https://nvd.nist.gov/vuln/detail/CVE-2020-11022]
* [CVE-2020-11023|https://nvd.nist.gov/vuln/detail/CVE-2020-11023]

Those CVEs are regarding jQuery version used by this skin: jQuery 1.11.2

An upgrade of jQuery is needed to use jQuery version >= 3.5.0

Unfortunately, Bootstrap 2.3.2 does not support jQuery 3+

An upgrade of Bootstrap is needed to use Bootstrap version >= 3.3.7

Some modifications is needed, see: https://getbootstrap.com/docs/3.4/migration/

Please note: Bootstrap 2 is under Apache License, Bootstrap 3 is under MIT 
License


> CVEs in generated maven site with maven-fluido-skin
> ---------------------------------------------------
>
>                 Key: MSKINS-203
>                 URL: https://issues.apache.org/jira/browse/MSKINS-203
>             Project: Maven Skins
>          Issue Type: Bug
>          Components: Fluido Skin
>    Affects Versions: fluido-1.11.1
>            Reporter: jycr
>            Priority: Critical
>
> Generated Maven site (with ) affected by following CVE:
> * [CVE-2015-9251|https://nvd.nist.gov/vuln/detail/cve-2015-9251]
> * [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
> * [CVE-2020-11022|https://nvd.nist.gov/vuln/detail/CVE-2020-11022]
> * [CVE-2020-11023|https://nvd.nist.gov/vuln/detail/CVE-2020-11023]
> Those CVEs are regarding jQuery version used by this skin: jQuery 1.11.2
> An upgrade of jQuery is needed to use jQuery version >= 3.5.0
> Unfortunately, Bootstrap 2.3.2 does not support jQuery 3+
> An upgrade of Bootstrap is needed to use Bootstrap version >= 3.3.7
> Some modifications is needed, see: 
> https://getbootstrap.com/docs/3.4/migration/
> Please note: Bootstrap 2 is under Apache License, Bootstrap 3 is under MIT 
> License



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to