Update jquery-ui and jquery-ui-dialog due to high rated CVEs #13598
Labels
answered
For when a question was asked and we referred to forum or answered it.
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
There is a neat little helper for testing for JS dependencies with security flaws (retirejs).
In Matomo are two libraries used that have a high CVE rating (score above 7.0):
jquery-ui 1.10.4 (CVE-2016-7103)
jquery-ui-dialog 1.10.4 (CVE-2016-7103)
There are some more libraries with medium CVEs and some really high CVEs in the tests, but these should be reviewed independently.
Complete scan: matomo.retirejs.txt
The text was updated successfully, but these errors were encountered: