back to phpList.org

JQuery Version 1.5.2


#1

It looks like PHPlist is using a very old version of JQuery. (V1.5.2) I was wondering what others were doing to mitigate the security concerns of this? Has anyone manually updated the JQuery version without any side effects?

Thanks!
Kathleen


#2

Do you mean phpList 3 itself or a dependency library or plugin?

It would be great if you could try updating it yourself, and submit it in a GitHub pull request.


#3

phplist-3.3.8\public_html\lists\admin\js

It looks like it is using the JQuery verison 1.7.1. It looks like there are security vulnerabilities for any version of Jquery before 1.9.0.

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235564/Jquery-Jquery-1.7.1.html


#4

Reported to the issue tracker: https://mantis.phplist.org/view.php?id=19755


#5

Hi all,

I see that jquery has been updated in phplist-3.4.0-RC1\public_html\lists\admin\js in the release candidate 3.4.0, which is great!

It looks like a separate jquery library is in phplist-3.4.0-RC1.zip\phplist-3.4.0-RC1\public_html\lists\js

Can this jquery be updated as well?

All the best,
Kathleen


#6

Good call - thanks for highlighting!

That jQuery is probably only used for the public pages, with basic functionality for drop down list styling etc. However it should also be updated. Not sure if it’ll make it into 3.4.0 - depends what other issues crop up in RC testing.


#7

Is it planned to be updated for 3.4.2? I noticed that the jquery 1.5.2 is still in \phplist-3.4.1\public_html\lists\js

Thanks!
Kathleen


#8

FYI a commit which updates this version of jQuery has now been merged into master and is scheduled for release on the 11th:https://github.com/phpList/phplist3/pull/523