[ https://issues.apache.org/jira/browse/MSKINS-175?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17655854#comment-17655854 ]

jycr commented on MSKINS-175:
-----------------------------

To be more accurate, generated Maven sites (with maven-fluido-skin) are 
currently affected by 4 CVEs (not only 2):

* [CVE-2015-9251|https://nvd.nist.gov/vuln/detail/cve-2015-9251]
* [CVE-2019-11358|https://nvd.nist.gov/vuln/detail/CVE-2019-11358]
* [CVE-2020-11022|https://nvd.nist.gov/vuln/detail/CVE-2020-11022]
* [CVE-2020-11023|https://nvd.nist.gov/vuln/detail/CVE-2020-11023]

As requested, an upgrade of jQuery is needed to use jQuery version >= 3.5.0

Unfortunately, Bootstrap 2.3.2 does not support jQuery 3+

An upgrade of Bootstrap is needed: version >= 3.3.7
Some modifications are needed, see: https://getbootstrap.com/docs/3.4/migration/

Please note: Bootstrap 2 is under Apache License, Bootstrap 3 is under MIT 
License

> Upgrade to JQuery 3.6.0 in Fluido skin
> --------------------------------------
>
>                 Key: MSKINS-175
>                 URL: https://issues.apache.org/jira/browse/MSKINS-175
>             Project: Maven Skins
>          Issue Type: Bug
>          Components: Fluido Skin
>            Reporter: László Langó
>            Priority: Critical
>              Labels: Securtity
>
> Please upgrade to JQuery 3.6.0 due to CVEs 
> ([CVE-2020-11022|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022]
>  and 
> [CVE-2020-11023|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023])
>  affecting JQuery <3.5.0.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
