Unsafe jQuery v3.4.1 version being used

key-networks / ztncui

ZeroTier network controller UI

GNU General Public License v3.0

1.58k stars 234 forks source link

Unsafe jQuery v3.4.1 version being used #98

Closed TeamCorgo closed 1 year ago

TeamCorgo commented 1 year ago

NESSUS scanner found CVE-2020-11022 & CVE-2020-11023 vulnerabilities

key-networks commented 1 year ago

Upgrading jquery...

key-networks commented 1 year ago

@TeamCorgo and anyone else willing to test this update to address the jquery vulnerability: v0.8.10 is available for testing. The DEB package is here: https://s3-us-west-1.amazonaws.com/key-networks/deb/ztncui/1/x86_64/ztncui_0.8.10_amd64.deb

The RPM can be installed with: sudo dnf --enablerepo=ztncui-testing upgrade ztncui

Feedback would be appreciated.

ali-95 commented 1 year ago

веб страница не открывается ztncui если поставить старую версию то работает нормально

the web page does not open ztncui if you install the old version it works fine

key-networks commented 1 year ago

@ali-95 could you please give more details - what Linux distribution and version are you using?

ali-95 commented 1 year ago

Proxmox lxc

Static hostname: n/a
Transient hostname: Zerotier
         Icon name: computer-container
           Chassis: container
        Machine ID: 0685e4ea06e840a98e27a6ba5b8f9b6d
           Boot ID: e55cd5724b7242efa71302001c505449
    Virtualization: lxc
  Operating System: AlmaLinux 8.4 (Electric Cheetah)
       CPE OS Name: cpe:/o:almalinux:almalinux:8.4:GA
            Kernel: Linux 5.15.74-1-pve
      Architecture: x86-64

key-networks commented 1 year ago

I will download AlmaLinux and investigate further.

ali-95 commented 1 year ago

я попробую снова сделать может я что то не то сделал I'll try to do it again maybe I did something wrong

key-networks commented 1 year ago

No, I think I know what the problem is - argon2 is compiled using a later version of g++ and libstdc++.

key-networks commented 1 year ago

@ali-95 please try the latest build (v0.8.11).

The DEB package is here: https://key-networks.s3.us-west-1.amazonaws.com/deb/ztncui/1/x86_64/ztncui_0.8.11_amd64.deb

The RPM can be installed with: sudo dnf --enablerepo=ztncui-testing upgrade ztncui

Feedback would be appreciated. This update resolves an issue running on older Linux distributions.

ali-95 commented 1 year ago

Works Работает

  Running scriptlet: ztncui-0.8.6-1.x86_64                                                  2/2 
  Cleanup          : ztncui-0.8.6-1.x86_64                                                  2/2 
  Running scriptlet: ztncui-0.8.6-1.x86_64                                                  2/2 
  Verifying        : ztncui-0.8.11-1.x86_64                                                 1/2 
  Verifying        : ztncui-0.8.6-1.x86_64                                                  2/2 

Upgraded:
  ztncui-0.8.11-1.x86_64                                                                   
Complete!

[root@Zerotier ~]# systemctl status ztncui
● ztncui.service - ztncui - ZeroTier network controller user interface
   Loaded: loaded (/usr/lib/systemd/system/ztncui.service; enabled; vendor preset: disabled)
  Drop-In: /run/systemd/system/ztncui.service.d
           └─zzz-lxc-service.conf
   Active: active (running) since Mon 2023-03-06 08:15:48 UTC; 2min 17s ago
     Docs: https://key-networks.com
 Main PID: 2569 (ztncui)
    Tasks: 10 (limit: 49568)
   Memory: 71.9M
   CGroup: /system.slice/ztncui.service
           └─2569 /opt/key-networks/ztncui/ztncui

key-networks commented 1 year ago

Thanks for testing.

key-networks commented 1 year ago

ztncui-0.8.11-1.x86_64 has been moved to production download. For installation/upgrade instructions, please see: https://key-networks.com/ztncui/