Feature #31196
closed
Updates jQuery to 2.2.4 and adds jQuery Migrate library
Added by Federico Vera over 5 years ago.
Updated about 5 years ago.
Category:
Third-party libraries
Description
The current version of jQuery used in Redmine (1.11.1) is a couple of years old, and plagued with known security vulnerabilities and some that are not listed in CVE.
jQuery itself releases a plugin called jQuery Migrate to help with the transition.
The question is, is there any plan to upgrade jQuery?
Federico Vera wrote:
The current version of jQuery used in Redmine (1.11.1) is a couple of years old, and plagued with known security vulnerabilities and some that are not listed in CVE.
jQuery itself releases a plugin called jQuery Migrate to help with the transition.
The question is, is there any plan to upgrade jQuery?
Hello there,
I am interested in this subject too, as we are using Redmine 4.0.3 and security services are putting some pressure on us because of this vulnerability (they are asking me to shut the Redmine system down).
Any plan to migrate to the latest jQuery version?
Regards,
Philippe
- Tracker changed from Defect to Feature
- Assignee set to Marius BĂLTEANU
I've some work in progress on this topic.
- Assignee deleted (Marius BĂLTEANU)
Here is a patch (I cannot attach it here because of the size - please use the download option or access the patch directly using this link) that updates jQuery to version 2.2.4. Because we didn't check the entire JS code, I propose to use the jQuery Migrate library, which will help us identify all the issues that we need to fix before moving to the next major version. I think it's safe to commit this as soon as possible and report the issues found by the library.
Hopefully, we can migrate to jQuery 3 or 4 (which is under development) in Redmine 4.2.0 or 5.0.0.
- Related to Patch #31884: Fix JQMIGRATE: jQuery.fn.load() is deprecated added
- Related to Defect #31870: Remove deprecated .zIndex() method added
- Target version set to 4.1.0
Marius BALTEANU wrote:
I think it's safe to commit this as soon as possible and report the issues found by the library.
Setting the target version to 4.1.0. Thank you for working hard on this.
- Subject changed from jQuery version in use is old and insecure to Updates jQuery to 2.2.4 and adds jQuery Migrate library
- Status changed from New to Closed
- Assignee set to Go MAEDA
- Resolution set to Fixed
Committed the patch. Thank you.
- Related to Patch #31894: Fix "jQuery.fn.attr('selected') might use property instead of attribute" added
- Category changed from Security to Third-party libraries