old jquery is back again
-
We're getting flagged by scanners for old jquery. According to this issue tracker, https://redmine.pfsense.org/issues/10676 it was updated.
A fresh install of pfSense 2.4.5-p1 still has jquery 3.4.1 included with it and is failing security scans.
Did this not get fixed in pfsense free version?
Thanks,
Chuck -
That redmine you linked to lists 2.5 as the target version..
Why would you think they updated 2.4.5 from that redmine?
-
Because I just got excited about the search results and didn't notice that.... :-(
My bad. Sorry.
-
Yeah looks like https://redmine.pfsense.org/issues/9407
Puts it at 3.4.1 which if you look here
/usr/local/www/vendor/jquery
That is what it looks to be on 2.4.5p1
-
@crock2348 I just came up against this. You can still apply the changes at https://redmine.pfsense.org/projects/pfsense/repository/revisions/e2e4c0d5452f36a3e468e43a78f2cc5316e34174/diff manually to 2.4.5-p1 which should pass the scanner