Security issues for jQuery < 3.5.0
octaroot opened this issue · comments
Martin Černáč commented
According to the CVE report, jquery version < 3.5.0 with a security risk.
https://www.cvedetails.com/cve/CVE-2020-11022/
https://www.cvedetails.com/cve/CVE-2020-11023/
Could we please have an update to 3.6.0?
Thank you.
Martin Černáč commented
Sorry, I should clarify - could the 3.6.0 please be marked as a release on GitHub? Changes are otherwise not distributed to https://packagist.org/packages/components/jquery
Bruce Wells commented
Can we get a release tag for 3.6.0? Looks like it was merged back in March, but latest tag is 3.5.1.
Thanks!
Martin Černáč commented
Ignored by maintainers, but resolved by adding a tag for 3.6.0.
Closing