https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292018-01-30T11:05:15ZRedmineRedmine - Defect #26857: Fix for CVE-2015-9251 in JQuery 1.11.1https://www.redmine.org/issues/26857?journal_id=833992018-01-30T11:05:15ZJan from Planio www.plan.io
<ul><li><strong>File</strong> <a href="/attachments/19994">0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/19994/0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch">0001-Don-t-eval-cross-origin-requests-in-jQuery-26857.patch</a> added</li><li><strong>Description</strong> updated (<a title="View differences" href="/journals/83399/diff?detail_id=66009">diff</a>)</li><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li></ul><p>Gregor Schmidt has provided an unobtrusive fix which doesn't require a jQuery update. You can find it attached.</p> Redmine - Defect #26857: Fix for CVE-2015-9251 in JQuery 1.11.1https://www.redmine.org/issues/26857?journal_id=844002018-04-07T08:09:28ZJean-Philippe Langjp_lang@yahoo.fr
<ul><li><strong>Project</strong> changed from <i>2</i> to <i>Redmine</i></li><li><strong>Subject</strong> changed from <i>Vulnerable jquery 1.11.1</i> to <i>Fix for CVE-2015-9251 in JQuery 1.11.1</i></li><li><strong>Category</strong> set to <i>Security</i></li><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li><li><strong>Assignee</strong> set to <i>Jean-Philippe Lang</i></li><li><strong>Target version</strong> set to <i>3.3.7</i></li><li><strong>Resolution</strong> set to <i>Fixed</i></li></ul><p>Committed, thanks.</p>