Skip to content

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Sign in

Sign up

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

ctcpip / jquery-security-patches Public

forked from jquery/jquery

Notifications You must be signed in to change notification settings
Fork 0
Star 2

Code
Issues 1
Pull requests 9
Actions
Projects
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[meta] project todos, status, issues #4

Open

5 of 18 tasks

ctcpip opened this issue Feb 15, 2024 · 0 comments

Open

5 of 18 tasks

[meta] project todos, status, issues #4

ctcpip opened this issue Feb 15, 2024 · 0 comments

Comments

Copy link

Owner

ctcpip commented Feb 15, 2024 •

edited

Loading

EOL jQuery security project

updating jQuery

Note

reviewers needed for jQuery code changes, especially where patch was not sourced from future jQuery versions. also assess whether any additional unit tests are needed.

fix all CVEs in 1.2.6 #2
fix all CVEs in 1.3.2 #3
- can't run jQuery QUnit tests yet, but A/B tests pass
fix all CVEs in 1.4.4 #5
fix all CVEs in 1.5.2
fix all CVEs in 1.6.4 #1
fix all CVEs in 1.7.2
fix all CVEs in 1.8.3
fix all CVEs in 1.12.4
fix all CVEs in 2.2.4

A/B CVE testing

tests against every version are run on every push

A/B CVE test results

Note

reviewers needed for reproduction code, especially where CVEs were not reproducible with certain jQuery versions

reproduction code is here

review status of fixes per CVE

Note

there may be slight variations in fixes and tests across jQuery versions, though we have tried to minimize variation as much as possible

CVE-2011-4969
CVE-2012-6708
CVE-2015-9251
CVE-2019-11358
CVE-2020-7656
CVE-2020-11022
CVE-2020-11023
CVE-2020-23064

other goals

firefox coverage for CI

The text was updated successfully, but these errors were encountered:

All reactions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

No branches or pull requests

1 participant

Footer

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.

[meta] project todos, status, issues #4

[meta] project todos, status, issues #4

Comments

ctcpip commented Feb 15, 2024 • edited Loading

EOL jQuery security project

updating jQuery

A/B CVE testing

review status of fixes per CVE

other goals

ctcpip commented Feb 15, 2024 •

edited

Loading