It looks like phpList is using a very old version of jQuery (v1.5.2). I was wondering what others were doing to mitigate the security concerns of this? Has anyone manually updated the jQuery version without any side effects?
Thanks!
Kathleen
Do you mean phpList 3 itself or a dependency library or plugin?
It would be great if you could try updating it yourself, and submit it in a GitHub pull request.
phplist-3.3.8\public_html\lists\admin\js
It looks like it is using jQuery version 1.7.1. It looks like there are security vulnerabilities for any version of jQuery before 1.9.0.
Reported to the issue tracker: https://mantis.phplist.org/view.php?id=19755
Hi all,
I see that jquery has been updated in phplist-3.4.0-RC1\public_html\lists\admin\js in the release candidate 3.4.0, which is great!
It looks like a separate jquery library is in phplist-3.4.0-RC1.zip\phplist-3.4.0-RC1\public_html\lists\js
Can this jquery be updated as well?
All the best,
Kathleen
Good call - thanks for highlighting!
That jQuery is probably only used for the public pages, with basic functionality for drop down list styling etc. However it should also be updated. Not sure if it’ll make it into 3.4.0 - depends what other issues crop up in RC testing.
Is it planned to be updated for 3.4.2? I noticed that the jquery 1.5.2 is still in \phplist-3.4.1\public_html\lists\js
Thanks!
Kathleen
FYI a commit which updates this version of jQuery has now been merged into master and is scheduled for release on the 11th: https://github.com/phpList/phplist3/pull/523
Late reply, but thank you nonetheless!
Sorry for the late reply. I noticed the same issue today that was reported by the OP, as I still run an older phplist version (I can’t upgrade until I have time to also change my custom plugins).
Did anybody try simply updating the ‘questionable’ jQuery file to the latest?
Is that safe to do?