Bug #91334

XSS in jQuery <3.5.0

Added by Oliver Hader 2 months ago. Updated about 2 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2020-05-07
Due date:
% Done:

100%

TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:


Related issues

Related to TYPO3 Core - Bug #91367: TYPO3 9.5.17 error with ext:form and upload fields Closed 2020-05-12

Associated revisions

Revision f34eb516 (diff)
Added by Andreas Fernandez about 2 months ago

[TASK] Incorporate changes of jQuery version 3.5.0

This commit introduces live-patching of node_modules, which applies
patch files to specific modules (similar to composer-patches).

Patch files for fixing security issues are provided and applied after
installing the modules via `yarn install`.

http://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/

The patches are based on
https://github.com/DanielRuf/snyk-js-jquery-565129.

Resolves: #91334
Releases: master, 9.5
Change-Id: I85555e9a21d6121e1a39c057b777a9250d56a781
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64459
Tested-by: TYPO3com <>
Tested-by: Oliver Hader <>
Reviewed-by: Oliver Hader <>

Revision 14849c32 (diff)
Added by Andreas Fernandez about 2 months ago

[TASK] Incorporate changes of jQuery version 3.5.0

Patch files for fixing security issues are provided and applied after
installing the modules via `yarn install`.

http://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/

The patches are based on
https://github.com/DanielRuf/snyk-js-jquery-565129.

Resolves: #91334
Releases: master, 9.5
Change-Id: I85555e9a21d6121e1a39c057b777a9250d56a781
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64460
Tested-by: TYPO3com <>
Tested-by: Oliver Hader <>
Reviewed-by: Oliver Hader <>

History

#1 Updated by Gerrit Code Review 2 months ago

  • Status changed from New to Under Review

Patch set 2 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64406

#2 Updated by Gerrit Code Review 2 months ago

Patch set 3 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64406

#3 Updated by Gerrit Code Review 2 months ago

Patch set 1 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64434

#4 Updated by Gerrit Code Review 2 months ago

Patch set 2 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64434

#5 Updated by Gerrit Code Review 2 months ago

Patch set 4 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64406

#6 Updated by Gerrit Code Review 2 months ago

Patch set 3 for branch 9.5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/c/Teams/Security/TYPO3v4-Core/+/64434

#7 Updated by Gerrit Code Review about 2 months ago

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64459

#8 Updated by Gerrit Code Review about 2 months ago

Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64460

#9 Updated by Andreas Fernandez about 2 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#10 Updated by Oliver Hader about 2 months ago

  • Project changed from Core Security to TYPO3 Core
  • Category deleted (OW-A09: Components with Known Vulnerabilities)

#11 Updated by Benni Mack about 2 months ago

  • Status changed from Resolved to Closed

#12 Updated by Oliver Hader about 2 months ago

  • Related to Bug #91367: TYPO3 9.5.17 error with ext:form and upload fields added

Also available in: Atom PDF