Hi, are the following libraries used by the Identity Server only? • jQuery-form • jQuery-validate • Datatables • Lodash
Hi, the yarn file is what the source code scanning tool will scan, hence the version in the yarn file has to be updated as well.
We have another instance of ABP Framework running that is not using Angular, thus we care about it.
Hi, in addition, the version number with the fix has to be reflected in the lib yarn file as well. How can this be done?
Hi,
Hi,
Hi, our source code scanning vendor has given feedback that it is not possible to just replace the js file as it could be breaking out of the package management. And more importantly, this fix has not been officially accepted.
Could we have a Zoom call on this so that we may explain our situation clearly and see how ABP can help to address it?
Can you send us the above js file in jquery.form.min.js?
Can ABP provide us a copy of jquery-form library with the fix?
Hi, what is this version? Has this version been officially opened for general consumption?
Thanks.
Hi,
This critical finding was flagged after we had done what was advised on "https://github.com/abpframework/abp/pull/7753". As such, with regard to jQuery-form, can you confirm that the vulnerable functionality is not being used by the application?