jQuery Security Vulnerability #9

Open
ChemiKyle opened this issue Nov 1, 2024 · 0 comments
<script type="text/javascript" src="<?=$module->getUrl('js/jquery-3.3.1.min.js')?>"></script>

jQuery versions 3.4 and lower are vulnerable to XSS attacks; please update to 3.7.1.

jQuery Cleanup Guidelines

Update Instructions

  1. Update to the latest version of jQuery (3.7.1). You should try to use the version of jQuery bundled with REDCap or the WordPress theme.
  2. Test to make sure there are no breaking changes.
  3. If making a major version change or you run into issues with the new version, reach out to your supervisor about getting budget from the module/plugin owner.
  4. Update the spreadsheet indicating the issue has been resolved.
  5. If the module is public, create a release and make a submission to the public repo.

Spreadsheet of jQuery Issues: jQuery Updates.xlsx

Key Dates

11/11/2024 - Developers Deputized to fix issues with spreadsheet

11/20/2024 - Deadline for removing old module versions/minor version updates/budget request:

12/13/2024 - Deadline for major version updates

Clearing out old versions

If there’s not a good reason to keep old module versions, delete all module versions except the most recent two. The “Delete Versions” dialog on the EM Manager page in the Control Center can speed this up. Make sure to clear out on both Test and Prod.
Note: Anything deployed manually will need to be deleted via rm -rf.
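
A check that could support step 1 of the update instructions, as an added example that is not part of the original issue or the project's code: it flags versioned jQuery file references, and bundled files, at or below 3.4, the range the issue calls vulnerable. The scanned file extensions, the function names and every sample line other than the 3.3.1 script tag are assumptions.

```python
import re
from pathlib import Path

# Per the issue text: jQuery 3.4 and lower is flagged; 3.7.1 is the target.
MAX_FLAGGED = (3, 4)  # compared as (major, minor)
# Matches jquery-3.3.1.min.js, jquery.1.12.4.js, jquery-3.4.slim.min.js;
# does not match jquery-ui-* or an unversioned jquery.min.js.
JQUERY_REF = re.compile(
    r"jquery[-.]?(\d+)\.(\d+)(?:\.(\d+))?(?:\.slim)?(?:\.min)?\.js", re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js", ".twig"}  # assumed file types

# Constructed sample; only the first line comes from the issue.
SAMPLE = """\
<script type="text/javascript" src="<?=$module->getUrl('js/jquery-3.3.1.min.js')?>"></script>
<script src="js/jquery-3.7.1.min.js"></script>
<script src="js/jquery-ui-1.12.1.min.js"></script>
<script src="js/jquery-1.12.4.js"></script>
"""

def find_old_refs(text):
    """Return (line_no, version, matched_name) for refs at or below 3.4.x."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in JQUERY_REF.finditer(line):
            if (int(m.group(1)), int(m.group(2))) <= MAX_FLAGGED:
                version = ".".join(g for g in m.groups() if g is not None)
                hits.append((line_no, version, m.group(0)))
    return hits

def scan_tree(root):
    """Map each file under root to its hits; line 0 means the file's own name."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        hits = [(0, v, name) for _, v, name in find_old_refs(path.name)]
        if path.suffix.lower() in SCAN_SUFFIXES:
            hits += find_old_refs(path.read_text(errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

if __name__ == "__main__":
    for line_no, version, name in find_old_refs(SAMPLE):
        print(f"line {line_no}: {name} (jQuery {version}) needs updating")
```

Unversioned references such as jquery.min.js are not reported, so those files still need their version banner checked by hand.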
