View Issue Details

ID: 0019755
Project: phpList 3 application
Category: General
View Status: public
Last Update: 15-03-19 18:20
Reporter: samtuke
Priority: high
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Platform: Linux
OS: Fedora
OS Version: 26
Product Version: 3.3.9
Target Version: 3.4.0
Fixed in Version:
Summary: 0019755: Update jQuery in phpList 3 core from 1.12.1 to 3.3.1

Description:

Script: phplist-3.3.8\public_html\lists\admin\js

It looks like it is using jQuery version 1.7.1. It looks like there are security vulnerabilities for any version of jQuery before 1.9.0.

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/version_id-235564/Jquery-Jquery-1.7.1.html

Update jQuery to the latest.

Originally reported by kgarland here: https://discuss.phplist.org/t/jquery-version-1-5-2/4957
Additional Information: The new jQuery version files path: admin\ui\phplist-ui-bootlist\js directory.
Edited files: frontendfooter.php and footer_minified.inc
Tags: No tags attached.

Activities

duncanc

11-02-19 22:31

updater   ~0061875

The bootstrap theme also has jquery, in this case jquery-1.12.1.min.js

Maybe there is a way to rationalise these?

suela

01-03-19 16:06

administrator   ~0061955

PR: https://github.com/phpList/phplist3/pull/489

samtuke

04-03-19 09:00

administrator   ~0061958

@brunilda In git master, the language menu loads extended (dropdown visible). Is that a bug introduced by jQuery changes?

samtuke

04-03-19 09:03

administrator   ~0061959

Last edited: 04-03-19 09:03


@brunilda The following scripts appear to be loaded on every page on git master:

<!-- <script src="https://code.jquery.com/jquery-1.12.1.min.js?v=-dev"></script> -->
<!-- <script src="https://code.jquery.com/jquery-1.12.4.js?v=-dev"></script>  -->
<!--<script type="text/javascript" src="https://code.jquery.com/jquery-migrate-3.0.1.js"></script>-->

Are these supposed to be in production versions of phpList, and if so, why are they necessary?

xheni

06-03-19 21:06

administrator   ~0061979

On Subscriber profile page: Campaigns, Bounces and Subscription tabs are not working anymore in my installation.

brunilda

07-03-19 15:19

manager   ~0061990

To fix the above issues, I've done the following:

- Fixed the dropdown language menu in the sidebar.
- Deleted the above script from the files.
- Tested the Subscriber profile page and it works OK now.

suela

07-03-19 16:04

administrator   ~0061994

Ajax elements are having problems, including the template preview option.
FYI @samtuke

kgarland

08-03-19 22:12

reporter   ~0061996

It looks like there's another instance of an older version of jQuery in \phplist-3.4.0-RC1\public_html\lists\js

brunilda

11-03-19 14:47

manager   ~0062003

Last edited: 11-03-19 15:25


Checking public_html\lists\js directory for latest jQuery upgrade version.

brunilda

12-03-19 13:49

manager   ~0062008

Last edited: 13-03-19 14:16


@kgarland Also, the instance in \phplist-3.4.0-RC1\public_html\lists\js has been updated with the latest jQuery version.

Please check:
https://github.com/phpList/phplist3/pull/499
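
The thread above found jQuery in several places in one install (admin\js, the bootlist theme's js directory, lists\js) as well as in script tags in footer templates. The inventory check below is an added example, not phpList code: it lists every bundled copy and every script reference with its version. The function names, the sample tree and its contents are constructed, and the 3.3.1 default threshold is taken from the issue summary.

```python
import re
import tempfile
from pathlib import Path

# Banner of a core jQuery build, e.g. "/*! jQuery v1.12.1 |" or
# "jQuery JavaScript Library v1.7.1"; jquery-migrate and jQuery UI do not match.
BANNER = re.compile(r"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")
# Script references such as src=".../jquery-1.12.4.js?v=-dev"
SRC_REF = re.compile(r"jquery-(\d+)\.(\d+)\.(\d+)(?:\.min)?\.js")

def find_jquery(root, minimum=(3, 3, 1)):
    """Return sorted (path, kind, version, outdated) tuples for files under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix not in {".js", ".php", ".inc"}:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.suffix == ".js":
            # Bundled copy: trust the banner in the file, not the file name.
            found, kind = BANNER.findall(text[:2048])[:1], "bundled"
        else:
            # Template: every jQuery URL it mentions, commented out or not.
            found, kind = SRC_REF.findall(text), "reference"
        rel = path.relative_to(root).as_posix()
        for groups in found:
            ver = tuple(int(g) for g in groups)
            hits.append((rel, kind, ver, ver < minimum))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed layout; only directory and file names from the thread are reused."""
    sample = {
        "lists/admin/js/jquery.min.js": "/*! jQuery v1.7.1 jquery.com */",
        "lists/js/jquery.js": "/*!\n * jQuery JavaScript Library v1.12.1\n */",
        "lists/admin/ui/phplist-ui-bootlist/js/jquery.min.js": "/*! jQuery v3.3.1 */",
        "lists/admin/ui/phplist-ui-bootlist/footer_minified.inc":
            '<!-- <script src="https://code.jquery.com/jquery-1.12.4.js?v=-dev"></script> -->\n'
            '<script src="https://code.jquery.com/jquery-migrate-3.0.1.js"></script>',
    }
    for rel, body in sample.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*find_jquery(tmp), sep="\n")
```

Commented-out script tags are reported as references too, since they tend to be re-enabled during debugging.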