Security Warning with v2.1

  • Resolved swift

    (@swift)


    4 years, 10 months ago

    I just upgraded to v2.1 (a little late, I know) and my host (1and1) just sent an email saying that there is a security issue with wp-content/plugins/capability-manager-enhanced/common/libs/chosen-v1.8.3/docsupport/jquery-3.2.1.min.js

    It’s possible their scanner is wrong, but can you check to make sure there isn’t an issue here?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Steve Burge

    (@stevejburge)

    4 years, 10 months ago

    Hi @swift

    Thanks for using PublishPress Capabilities.

    Do they have any specific details on this issue?

    Thread Starter swift

    (@swift)

    4 years, 10 months ago

    Not really. Here’s the main statement:
    “A few minutes ago, our antivirus scanner detected that a malicious file was uploaded to your webspace.”

    I just updated to v2.1 minutes ago so that was the action that added the file and triggered the warning.

    I just compared the md5 hash of the file in the plugin to the hash of the same version on jQuery CDN and they match (c9f5aeeca3ad37bf2aa006139b935f0a) so unless the CDN is also corrupted, I suspect it’s a false positive from the antivirus. What’s your take?

    Plugin Author Steve Burge

    (@stevejburge)

    4 years, 10 months ago

    Thanks @swift

    I would tend to agree, yes.

    Version 2.1 has been out since mid-June with no other reports of this.

    Plugin Author Kevin Behrens

    (@kevinb)

    4 years, 10 months ago

    @swift @stevejburge

    The flagged file is only used by the chosen library’s developer documentation files, which we do not need to distribute. I’ve committed a pull request to remove those files, so the next Capabilities release should eliminate this issue.

    https://github.com/publishpress/PublishPress-Capabilities/issues/184

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security Warning with v2.1’ is closed to new replies.