back to phpList.org

JQuery Version 1.5.2

It looks like PHPlist is using a very old version of JQuery. (V1.5.2) I was wondering what others were doing to mitigate the security concerns of this? Has anyone manually updated the JQuery version without any side effects?

Thanks!
Kathleen

1 Like

Do you mean phpList 3 itself or a dependency library or plugin?

It would be great if you could try updating it yourself, and submit it in a GitHub pull request.

phplist-3.3.8\public_html\lists\admin\js

It looks like it is using the JQuery verison 1.7.1. It looks like there are security vulnerabilities for any version of Jquery before 1.9.0.

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235564/Jquery-Jquery-1.7.1.html

1 Like

Reported to the issue tracker: https://mantis.phplist.org/view.php?id=19755

Hi all,

I see that jquery has been updated in phplist-3.4.0-RC1\public_html\lists\admin\js in the release candidate 3.4.0, which is great!

It looks like a separate jquery library is in phplist-3.4.0-RC1.zip\phplist-3.4.0-RC1\public_html\lists\js

Can this jquery be updated as well?

All the best,
Kathleen

1 Like

Good call - thanks for highlighting!

That jQuery is probably only used for the public pages, with basic functionality for drop down list styling etc. However it should also be updated. Not sure if it’ll make it into 3.4.0 - depends what other issues crop up in RC testing.

Is it planned to be updated for 3.4.2? I noticed that the jquery 1.5.2 is still in \phplist-3.4.1\public_html\lists\js

Thanks!
Kathleen

FYI a commit which updates this version of jQuery has now been merged into master and is scheduled for release on the 11th:https://github.com/phpList/phplist3/pull/523

Late reply, but thank you nonetheless!

1 Like