aarpon / hrm

The Huygens Remote Manager is an open-source, efficient, multi-user web-based interface to the Huygens software by Scientific Volume Imaging for parallel batch deconvolutions.
http://huygens-rm.org

[BUG REPORT] Outdated javascript libraries #6

Closed chdietrich closed 10 months ago

chdietrich commented 5 years ago

Describe the bug: HRM 3.6.0 ships with outdated JavaScript libraries that are XSS-vulnerable:

jqtree 1.1.0...: https://github.com/mbraak/jqTree/issues/437
jQuery 1.8.3...: https://www.cvedetails.com/vulnerability-list/vendor_id-6538/Jquery.html
jquery-ui 1.9.1: https://github.com/jquery/api.jqueryui.com/issues/281

Environment: Server-side HRM 3.6.0

Additional context: I have not checked whether this has an effect on HRM itself; if necessary I can take a closer look.

aarpon commented 5 years ago

Being worked on in branch bug/6.

Commit 68cac8fa: Upgrade jQuery to version 3.3.x (managed by composer), jQuery-UI to version 1.12.x (managed by composer) and jqTree to version 1.4.10 (direct download).

If you have a chance, please test (functionality and styling).

christianddietrich commented 5 years ago

> If you have a chance, please test

I've noticed the following:

"Launch jobs" -> "Images available on server" stays empty after selecting "Image file format".

In the master branch the images are listed correctly. Thanks!