By: Mark Diender Account Admin 22 Dec 2016 at 9:23 a.m. CST

1 Response

A security audit which one of our customers ran on our system revealed Gluu is using an outdated Jquery library (v1.11.2). This version is vulnerable to the following exploit. https://github.com/jquery/jquery/issues/2432 Can someone confirm Gluu is vulnerable to this XSS-exploit? and if yes, is it possible to manually upgrade the used Jquery library to a version 1.12 or higher without breaking?

CentOS72

closed

By Sahil Arora user 26 Dec 2016 at 11:41 p.m. CST

Copy

Jquery library version has been updated to v1.12.4 in CE 3.0.0. Please refer [here](https://github.com/GluuFederation/oxAuth/issues/411)

You need to Login in order to post an answer

Jquery version used by gluu is outdated/vulnerable

By: Mark Diender Account Admin 22 Dec 2016 at 9:23 a.m. CST

Answers

By Sahil Arora user 26 Dec 2016 at 11:41 p.m. CST

Post an answer