[wp-trac] [WordPress Trac] #37110: Update to jQuery 3.*
WordPress Trac
noreply at wordpress.org
Fri Mar 23 13:40:34 UTC 2018
#37110: Update to jQuery 3.*
-------------------------------------------------+-------------------------
Reporter: jorbin | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: Future
Component: External Libraries | Release
Severity: critical | Version:
Keywords: early has-patch needs-testing | Resolution:
needs-dev-note needs-screenshots needs- | Focuses: javascript
refresh |
-------------------------------------------------+-------------------------
Comment (by zakkath):
Replying to [comment:33 bigcloudmedia]:
> I have clients for whom PCI DSS compliance is a requirement, and in
their most recent scan they got flagged for the jQuery library in WP Core,
with the instruction to upgrade to 3.0.0 or higher, in order to fix '''CVE
2015-9251''' and '''CVE 2016-10707'''. Is there any way to fast track
this change so that other people with similar requirements don't get
stuck?
You might want to implement a plugin that de-registers `jquery` in
WordPress and re-registers it either with a CDN copy of jQuery v3.x or
include a copy with the plugin. That will get them compliant in that
regard ASAP.
It is odd to note that there does not seem to be much movement on this
issue. @adamsilverstein put out a patch for testing and that was the last
thing... 4 months ago.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37110#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list