USGS-WiM / STNPublicInfo

STN public information pages for hwms and sensors

Remediate Vulnerability: Outdated Javascript Library #11

Closed aaronstephenson closed 3 years ago

aaronstephenson commented 3 years ago

Acunetix scan reports this app is using jQuery 2.2.3 and should be updated. This is a Medium vulnerability and should be a priority.

lprivette commented 3 years ago

So do they want the latest version of jQuery? Or do they list 'safe' versions we can attempt to upgrade to?

aaronstephenson commented 3 years ago

It doesn't specify a particular version, though in the "references" section it has links to 3.5 (and 3.6 was just released). I thought jQuery maintained a few parallel series, so that you can maybe update within the 2.x without needing to refactor for the 3.x series... but maybe that was just when it was 1.x and 2.x, since I see that 2.x hasn't been updated in 5 years 😐. Here's the full report for this vulnerability:

[image attachment: full Acunetix report for this vulnerability]
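A small inventory check of the kind this finding calls for, added here as an example and not code from the STNPublicInfo project: it looks through file contents for jQuery's version banner or a versioned jQuery filename and flags anything older than a minimum. The minimum of 3.5.0 and the sample files are assumptions for illustration (the scan's references pointed at 3.5; the report itself names no required version).

```python
import re

# Constructed sample inputs (not files from the STNPublicInfo repository).
# jQuery builds ship a banner comment with the version, and pages often load
# jQuery by a versioned filename, so both patterns are checked.
SAMPLE_FILES = {
    "js/jquery-2.2.3.min.js": "/*! jQuery v2.2.3 | (c) jQuery Foundation | jquery.org/license */",
    "js/vendor/jquery.min.js": "/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */",
    "js/app.js": "console.log('no jquery here');",
    "index.html": '<script src="https://code.jquery.com/jquery-1.12.4.min.js"></script>',
}

BANNER_RE = re.compile(r"jQuery v(\d+)\.(\d+)\.(\d+)")
FILENAME_RE = re.compile(r"jquery-(\d+)\.(\d+)\.(\d+)(?:\.min)?\.js")

# Assumed threshold: the scan's references pointed at 3.5, so anything older
# than 3.5.0 is flagged here. Adjust to your own policy.
MINIMUM = (3, 5, 0)


def detect_versions(files):
    """Return {path: (major, minor, patch)} for every file that carries a
    jQuery banner or references a versioned jQuery filename."""
    found = {}
    for path, content in files.items():
        match = (BANNER_RE.search(content)
                 or FILENAME_RE.search(content)
                 or FILENAME_RE.search(path))
        if match:
            found[path] = tuple(int(part) for part in match.groups())
    return found


def flag_outdated(files, minimum=MINIMUM):
    """Return sorted [(path, 'x.y.z')] for each detected jQuery older than minimum.
    Tuple comparison orders 1.12.4 < 2.2.3 < 3.5.0 correctly (no string compare)."""
    outdated = []
    for path, version in detect_versions(files).items():
        if version < minimum:
            outdated.append((path, ".".join(map(str, version))))
    return sorted(outdated)


if __name__ == "__main__":
    for path, version in flag_outdated(SAMPLE_FILES):
        print(f"OUTDATED jQuery {version} in {path}")
```

Pointing the same check at a real deployment means reading the site's files into the dictionary; unversioned copies of jQuery with the banner stripped will not be detected and need a hash-based inventory instead.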

lprivette commented 3 years ago

@HansVraga would it be ok to simply retire this app? It is no longer used in FEV. We've just kept it live in case something went wrong with us bringing that info into the popup in FEV, but I think enough time has passed with 0 issues.

HansVraga commented 3 years ago

☠️

lprivette commented 3 years ago

@aaronstephenson I have downloaded the files for stnpublicinfo and stnpublicinfo2 from S3. Would you please delete them? They are in the stn.wim.usgs.gov bucket.

@HansVraga Should I archive these repositories? It'd be this one and https://github.com/USGS-WiM/STNPublicInfo2.0

HansVraga commented 3 years ago

yes, archive. Nice job recognizing we could clean this up EL!

lprivette commented 3 years ago

OK, will wait until this issue is closed and then archive the repo.

aaronstephenson commented 3 years ago

I deleted both of those buckets, and I also deleted the virtual directory on Toad named 'stnpublicinfo'. That'll do it!

(Looks like stnpublicinfo2 was never actually used? There's nothing on Toad referencing it. In any case, it's not accessible now if it ever was.)