mesos-issues mailing list archives

From "Alexander Rojas (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-8057) Apply security patches to AngularJS and JQuery in the Mesos UI
Date Wed, 18 Oct 2017 14:39:00 GMT

    [ https://issues.apache.org/jira/browse/MESOS-8057?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16209438#comment-16209438 ]

Alexander Rojas commented on MESOS-8057:
----------------------------------------

Changes landed in the Mesos master branch. They will be part of the next Mesos bump on DC/OS.

{noformat}
commit b0a660bb1811c0144cba781482b1ce4573e685b3
Author:     Alexander Rojas <alexander@mesosphere.io>
AuthorDate: Wed Oct 18 12:11:05 2017 +0200
Commit:     Alexander Rojas <alexander@mesosphere.io>
CommitDate: Wed Oct 18 16:33:19 2017 +0200

    Upgrades jQuery used by Mesos WebUI to version 3.2.1.

    The version of jQuery distributed with Mesos (1.7.1) was found to have
    security issues which have been addressed in latter versions.

    Review: https://reviews.apache.org/r/63101
{noformat}
{noformat}
commit 1b5a4e77e55f5c8665526294626a66905569a284 (HEAD -> master, upstream/master)
Author:     Alexander Rojas <alexander@mesosphere.io>
AuthorDate: Wed Oct 18 12:11:40 2017 +0200
Commit:     Alexander Rojas <alexander@mesosphere.io>
CommitDate: Wed Oct 18 16:33:37 2017 +0200

    Upgrades AngularJS used by Mesos WebUI to version 1.2.32.

    The version of AngularJS distributed with Mesos (1.2.3) was found to
    have security issues which have been addressed in latter versions.

    Review: https://reviews.apache.org/r/63102
{noformat}

> Apply security patches to AngularJS and JQuery in the Mesos UI
> --------------------------------------------------------------
>
>                 Key: MESOS-8057
>                 URL: https://issues.apache.org/jira/browse/MESOS-8057
>             Project: Mesos
>          Issue Type: Bug
>          Components: webui
>    Affects Versions: 1.4.0
>            Reporter: Alexander Rojas
>            Assignee: Alexander Rojas
>            Priority: Blocker
>              Labels: mesosphere
>             Fix For: 1.5.0
>
>
> Running a security tool returns:
> {noformat}
> Evidence 
> Vulnerable libraries were found: 
> https://admin.kpn-dsh.com/mesos/static/js/angular-1.2.3.min.js https://admin.kpn-dsh.com/mesos/static/js/angular-route-1.2.3.min.js https://admin.kpn-dsh.com/mesos/static/js/jquery-1.7.1.min.js
> More information about the issues can be found at: - https://github.com/angular/angular.js/blob/master/CHANGELOG.md - http://bugs.jquery.com/ticket/11290
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
