Issue a security advisory for versions < 4.4.0 #275
Comments
|
Ping @carlosantoniodasilva since you prepped the release |
jonleighton
changed the title
|
bump -- the currently bundled versions of jQuery have security vulnerabilities as well. |
|
@waissbluth do you have links, please? @jonleighton my apologies, this totally fell off my radar, but I'll see what I can do. |
|
@carlosantoniodasilva I realize now that jQuery 1 and 2 are no longer being patched so even though there are vulnerabilities there no minor version to upgrade to. thanks |
|
@waissbluth thanks. It looks like someone sent a PR to update the libraries shipped with jquery-rails with those patches: #281, maybe that's something we can do. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The latest 4.4.0 release bumps the jQuery version to fix a security vulnerability. Issuing a GitHub security advisory for this project would enable GitHub's security tooling to pick up that users on earlier versions have a vulnerable dependency.
The text was updated successfully, but these errors were encountered: