action #106508
Updated by tjyrinki_suse over 2 years ago
Hi there, I hope, I'm right with expecting the main 'users' of the html5test application here. If not, feel free to redirect me to the correct place. jQuery < 1.9.0 is vulnerable to CVE-2012-6708, but html5test.opensuse.org provides https://html5test.opensuse.org/scripts/jquery/jquery-1.7.2.min.js As I could not find a reference in the main page pointing to this file, I would expect that you can simply delete it. But it is also possible to upgrade to a newer version (like jquery-1.9.1.min.js). It also seems, that the page is not developed any longer (since 2018 - as mentioned [here](https://github.com/WebPlatformTest/HTML5test/issues/569) as well). Maybe it's time to check for another test page? Our current production system works with https://github.com/openSUSE/HTML5test - any changes pushed there should end up in the production system two hours later. Regards, Lars ## Acceptance Criteria AC1: Remove jquery if it is not needed, or update it if it is needed. Currently when loading the page jquery is not loaded, so it looks like it coudl be removed. AC2: Keep the page more or less working ## Additional Suggestions You may look if newer versions/forks is available, but removing the flawed jquery is priority.