action #106508
open
[opensuse][desktop][qe-core] html5test.opensuse.org provides vulnerable jquery-1.7.2.min.js
Description
Hi there,
I hope I'm right in expecting the main 'users' of the html5test application here. If not, feel free to redirect me to the correct place.
jQuery < 1.9.0 is vulnerable to CVE-2012-6708, but html5test.opensuse.org provides
https://html5test.opensuse.org/scripts/jquery/jquery-1.7.2.min.js
As I could not find a reference in the main page pointing to this file, I would expect that you can simply delete it. But it is also possible to upgrade to a newer version (like jquery-1.9.1.min.js).
It also seems that the page is not developed any longer (since 2018 - as mentioned here as well). Maybe it's time to check for another test page?
Our current production system works with https://github.com/openSUSE/HTML5test - any changes pushed there should end up in the production system two hours later.
Regards,
Lars
Acceptance Criteria
AC1: Remove jquery if it is not needed, or update it if it is needed. Currently when loading the page jquery is not loaded, so it looks like it could be removed.
AC2: Keep the page more or less working
Additional Suggestions
You may look if newer versions/forks are available, but removing the flawed jquery is the priority.
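One way to check AC1 against a checkout of the site's repository before deleting the file, as an added example that is not part of the ticket or the project's code: it finds bundled jQuery copies older than 1.9.0 and lists the files that still reference them. The tree built by `demo_tree` is constructed sample data, and the banner regex assumes the usual jQuery header comment.

```python
import re
import tempfile
from pathlib import Path

# Matches both the minified banner ("jQuery v1.7.2") and the full one.
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)")
FIXED = (1, 9, 0)  # the ticket states jQuery < 1.9.0 is affected by CVE-2012-6708
TEXT_SUFFIXES = {".html", ".htm", ".php", ".js", ".css"}

def audit(root):
    """Return [(library path, version, [referencing files])] for jQuery < FIXED."""
    root = Path(root)
    files = [p for p in root.rglob("*") if p.is_file()]
    findings = []
    for lib in files:
        if lib.suffix != ".js" or "jquery" not in lib.name.lower():
            continue
        match = BANNER.search(lib.read_bytes()[:2048])
        if not match:
            continue  # a plugin or a file without a version banner
        version = tuple(int(g) for g in match.groups())
        if version >= FIXED:
            continue
        needle = lib.name.encode()
        refs = sorted(p.relative_to(root).as_posix() for p in files
                      if p != lib and p.suffix in TEXT_SUFFIXES
                      and needle in p.read_bytes())
        findings.append((lib.relative_to(root).as_posix(), version, refs))
    return sorted(findings)

def demo_tree():
    """Constructed sample checkout; the layout is an assumption, not the real repo."""
    root = Path(tempfile.mkdtemp())
    jq = root / "scripts" / "jquery"
    jq.mkdir(parents=True)
    (jq / "jquery-1.7.2.min.js").write_text("/*! jQuery v1.7.2 jquery.com */\n")
    (jq / "jquery-1.9.1.min.js").write_text("/*! jQuery v1.9.1 jquery.com */\n")
    (root / "index.html").write_text('<script src="scripts/base.js"></script>\n')
    (root / "old.html").write_text(
        '<script src="scripts/jquery/jquery-1.7.2.min.js"></script>\n')
    return root

if __name__ == "__main__":
    for path, version, refs in audit(demo_tree()):
        status = "referenced by " + ", ".join(refs) if refs else "unreferenced, safe to delete"
        print(f"{path} v{'.'.join(map(str, version))}: {status}")
```

An empty reference list only covers static references in the checkout; a file loaded through a dynamically built URL would not show up.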