Vote #79981
Completed: Updates jQuery to 2.2.4 and adds jQuery Migrate library
0%
Description
The current version of jQuery used in Redmine (1.11.1) is a couple of years old, and plagued with known "security vulnerabilities":https://www.cvedetails.com/vulnerability-list.php?vendor_id=6538&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=8&sha=cb2a1701a62483883bb26bfed4bac08a56f263d1 and some that are not listed in CVE.
jQuery itself releases a plugin called "jQuery Migrate":https://github.com/jquery/jquery-migrate/#readme to help with the transition.
The question is, is there any plan to upgrade jQuery?
journals
Related issue: #30486
--------------------------------------------------------------------------------
Federico Vera wrote:
> The current version of jQuery used in Redmine (1.11.1) is a couple of years old, and plagued with known "security vulnerabilities":https://www.cvedetails.com/vulnerability-list.php?vendor_id=6538&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=8&sha=cb2a1701a62483883bb26bfed4bac08a56f263d1 and some that are not listed in CVE.
>
> jQuery itself releases a plugin called "jQuery Migrate":https://github.com/jquery/jquery-migrate/#readme to help with the transition.
>
> The question is, is there any plan to upgrade jQuery?
Hello there,
I am interested in this subject too, as we are using Redmine 4.0.3 and security services are putting some pressure on us because of this vulnerability (they are asking me to shut the Redmine system down).
Any plan to migrate to the latest jQuery version?
Regards,
Philippe
--------------------------------------------------------------------------------
I've some work in progress on this topic.
--------------------------------------------------------------------------------
Here is a "patch":https://gitlab.com/redmine-org/redmine/merge_requests/8/diffs (I cannot attach it here because of the size - please use the download option or access the patch directly using this "link":https://gitlab.com/redmine-org/redmine/merge_requests/8.diff) that updates jQuery to version 2.2.4. Because we didn't check the entire JS code, I propose to use the "jQuery Migrate":https://github.com/jquery/jquery-migrate/#readme library which will help us identify all the issues that we need to fix before moving to the next major version. I think it's safe to commit this as soon as possible and report the issues found by the library.
Hopefully, we can migrate to jQuery 3 or 4 (which is under development) in Redmine version:"4.2.0" or version:"5.0.0".
--------------------------------------------------------------------------------
Marius BALTEANU wrote:
> I think it's safe to commit this as soon as possible and report the issues found by the library.
Setting the target version to 4.1.0. Thank you for working hard on this.
--------------------------------------------------------------------------------
Committed the patch. Thank you.
--------------------------------------------------------------------------------
related_issues
relates,Closed,31884,Fix JQMIGRATE: jQuery.fn.load() is deprecated
relates,Closed,31870,Remove deprecated .zIndex() method
relates,Closed,31894,Fix "jQuery.fn.attr('selected') might use property instead of attribute"
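
A static pre-check for the three deprecated calls named in the related issues above, as an added example (not Redmine's code and not part of the patch). The rule ids, the `audit` function and the sample lines are constructed for illustration; the regexes are a heuristic that complements running jQuery Migrate in the browser rather than replacing it.

```javascript
// Added example: static audit for the deprecated jQuery calls named in the
// related issues. Rule ids and SAMPLE are constructed, not Redmine code.
const RULES = [
  { id: 'fn.load-event', issue: '#31884',
    // Event shorthand .load(handler); the AJAX form .load('url') is not flagged.
    re: /\.load\(\s*(?:function\b|(?:\([\w$,\s]*\)|[\w$]+)\s*=>)/,
    hint: "bind with .on('load', handler)" },
  { id: 'fn.zIndex', issue: '#31870',
    re: /\.zIndex\(/,
    hint: 'remove the deprecated .zIndex() call' },
  { id: 'attr-selected', issue: '#31894',
    // Getter form only: .attr('selected') with a single argument.
    re: /\.attr\(\s*(['"])selected\1\s*\)/,
    hint: "read the property with .prop('selected')" },
];

// Returns one finding per (line, rule) match; whole-line // comments are skipped.
function audit(source, file) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return;
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ file, line: i + 1, rule: rule.id,
                        issue: rule.issue, hint: rule.hint });
      }
    }
  });
  return findings;
}

// Constructed sample input covering flagged and non-flagged forms.
const SAMPLE = [
  "$('#preview img').load(function() { resize(); });", // event form: flagged
  "$('#content').load('/issues/1.js');",               // AJAX form: not flagged
  "var z = $('.ui-dialog').zIndex();",                 // flagged
  "if ($('option:first').attr('selected')) { go(); }", // flagged
  "// legacy: $(el).zIndex(5)",                        // comment: skipped
  "$('option:first').prop('selected', true);",         // not flagged
].join('\n');

for (const f of audit(SAMPLE, 'sample.js')) {
  console.log(`${f.file}:${f.line} ${f.rule} (${f.issue}): ${f.hint}`);
}
```
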
Updated by Admin Redmine over 3 years ago
- Category set to Third-party libraries_47
- Target version set to 4.1.0_127