
Wordpress jQuery 1.12.4 Vulnerability

Discussion in 'Blogs & CMS usage' started by EckyBrazzz, May 8, 2019.

  1. EckyBrazzz

    EckyBrazzz Active Member

    916
    189
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +362
    Local Time:
    8:23 PM
    Latest
    Latest
    @eva2000 new updates. The Latest version is 1.7.6 with some nice stuff. Added jQuery slim and small bug fixes. Compare link below
    centminmod/wp-jquery-manager

     
    Last edited: Jun 1, 2019
  2. eva2000

    eva2000 Administrator Staff Member

    53,209
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    9:23 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    thanks for heads up !
     
  3. eva2000

    looks like a lot of changes and they updated to jquery 3.4.1 which really makes my forked version unnecessary now as whole point of my forked version was to update jquery 3.4.1. Though my forked version does have security patched versions of jquery 1.12.4 and 2.2.4 available.

    So I have updated my forked version 1.7.6-cmm.zip centminmod/wp-jquery-manager

    If you need to check difference between master and my forked version centminmod/wp-jquery-manager
     
  4. eva2000

    cheers updated my 1.7.8-cmm release centminmod/wp-jquery-manager though really you'd want to use original wordpress plugin for this now that it's up to date - no guarantee i'll be maintaining the forked version :)

    difference between official 1.7.8 vs 1.7.8-cmm centminmod/wp-jquery-manager
     
  5. EckyBrazzz

    Guess that sometimes a little reminder won't hurt ;)
     
  6. EckyBrazzz

    Oops...
     
  7. eva2000

    only with my fork or with original too ?
     
  8. EckyBrazzz

    Only your forked one. The other runs fine.
     
  9. eva2000

    hmmm try redownloading 1.7.8-cmm.zip i did have last minute changes made but it was just removing a directory that was removed in upstream 1.7.8 so shouldn't have caused much in way of operation
     
  10. EckyBrazzz

    Guess he also noticed something wrong... Too bad the WP function only sends out 1 mail every 24 hours, even if you run into another issue. Missing the GitHub update button and pressing the update now gives the current original version.

    Project_CMM_7237.png
     
  11. eva2000

    ah that's probably why - so best to use original version and not my forked one now that the native plugin update system exists :)
     
  12. eva2000

  13. EckyBrazzz

    @eva2000 Saw it, He e-mailed you and placed a request on GitHub, but also I am not an excellent PHP coder, most of the time I only consume it:)
     
  14. Remzi

    Remzi New Member

    8
    4
    3
    Jul 2, 2019
    Amsterdam, The Netherlands
    Ratings:
    +5
    Local Time:
    1:23 AM
  15. eva2000

  16. EckyBrazzz

    @Remzi Noticed you pushed out many commits lately, keep up the good work!(y)(y)
     
  17. Remzi

    Thank you guys. @eva2000 I could give you direct push access to the repository. This way you could add precompressed gzip & brotli versions of jQuery for nginx and your jQuery fixes from your fork. I understand that you're not really a PHP developer, but you could help me with other things, like pr and releases. Overall I'm just a regular guy who wants to help other users.

    Also, you guys could help me with testing and feedback :)
     
    Last edited: Jul 2, 2019
  18. eva2000

    while i use github myself, I'd never had access to someone else's github repo for such management - so not sure it's a good idea for your repo to be my first time attempts ? if I mess things up ? :LOL: I use gui based sourcetree on windows for git repo management as well :)

    I'll do some isolated pull requests to your repo for the patched fix <3.4 versions first - seems like a safe compromise :)
     
  19. Remzi

    Hi @eva2000 It's no different than having your own repo, the only thing is that you need to take into account that others are also pushing to the same repo. That's why branches exist. For example, you want to work on some fix or feature. You create a branch (from master) and do a pull request (to master), the only step you skip is the forking process. The rest stays the same.

    I will grant you push access, it's much easier to work with.
     
  20. eva2000

    ok guess 1st time for everything - i did do a pull request prior and that seems to have failed travis-ci

    jquery patch fixed 1.12.4 & 2.2.4 for CVE-2019-11358 by centminmod · Pull Request #13 · Remzi1993/jquery-manager