jQuery

  • Resolved jamesraja

    (@jamesraja)


    4 years ago

    Please update the version of jQuery.

    Below vulnerabilities exists on old version of 3.6.0

    “jQuery contains commented references to the hijacked domain blindsignals, within the files src/queue/delay.js and test/data/jquery-1.9.1.js (the former referring to a Web Archive version of the original site). Users without awareness of the domain’s status could be exposed to unspecified attacks if they attempt to follow the links to the hijacked site.”

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Andre Gagnon

    (@2winfactor)

    4 years ago

    I think you may be mistaking us with a different plugin.

    We do not bundle jQuery with our plugin. Instead we use the version of jQuery that ships with WordPress, which is best practice and part of ww.wp.xz.cn plugin guidelines:

    https://developer.ww.wp.xz.cn/plugins/wordpress-org/detailed-plugin-guidelines/#13-plugins-must-use-wordpress-default-libraries

    The current version is 3.6.0 at this time of writing.

    Thread Starter jamesraja

    (@jamesraja)

    4 years ago

    It is on one of the tmp files presto-player\vendor\composer\tmp-e1c4b3ac979b557091ea35fed1d2d7e1

    /sebastianbergmann-php-code-coverage-2e9da11/src/Report/Html/Renderer/Template/js/jquery.min.js

    Please check.

    Plugin Author Andre Gagnon

    (@2winfactor)

    4 years ago

    Ah, it looks like some temp files accidentally got added to the WordPress repo. Rest assured these are not used in the plugin. We have just updated the repo to remove them and we’ll be pushing out the update.

    Plugin Author Andre Gagnon

    (@2winfactor)

    4 years ago

    This is not fixed in 1.9.7. Thanks so much for reporting the issue.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘jQuery’ is closed to new replies.

Tags