Recent Topics

1 Jun 08, 2020 11:01    

Hello,

I run webpagetest.org and got a warning, that there a security vulnerabilites (see screenshot).
Is there a way to update bootstrap from 3.3.7 in 6.11.5?
And also to update jquery from 1.12.4

Would be great to get an answer.

Thanks and Regards, Will

2 Jun 08, 2020 11:02

Here is the screenshot

3 Jun 08, 2020 22:54

Hi You don't say how much you looked into the details of the vulnerabilities so the following may be stuff you know or don't want to know.

Here's some info on bootstrap 3.3.7
https://stackoverflow.com/questions/52388366/is-bootstrap-3-3-7-safe-and-secured-if-data-target-attribute-is-unused

and some on jquery 1.12.4
http://www.sjoerdlangkemper.nl/2017/09/27/some-libraries-evaluate-remote-javascript/

I'm running b2evo 7.1.5 and ran one of my sites through https://webpagetest.org/ but didn't get any warnings, so maybe I'm missing something. How did you use the site?

4 Jun 09, 2020 11:06

@amoun You are running 7.1.5 - I am running 6.11.5 so may be your version uses a recent version of bootstrap and jquery.
I used webpagetest as is has to. Entered the link to the website, have chosen Frankfurt and Chrome and got a report. This report showed an "E" towards System Security Scoring (see screenshot below). Clicking on that "E" to get more information I got that detailed report I posted as a screenshot above.

5 Jul 23, 2020 02:19

Yes those libraries have been updated in b2evo v7.

6 Jul 23, 2020 10:08

@fplanque Is it possible to update those libraries manually for 6.11.5 ?

(I changed my upgrade praxis experiencing several problems after each. The version 6.11.5 and some adtaptions work fine for me and whenever it is possible I'll keep it. But I try to fix security matters. So I would appreciate help how to update those libraries and I think many others would appreciate it, too.)

Thanks in advance, Will


Form is loading...

b2 – This forum is powered by b2evolution CMS, a complete engine for your website.