You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A ZAP (https://www.zaproxy.org/) security scan of an Apache virtualhost I set up myself hosting weewx reports which are running this skin shows that the following included JS libs are out of date and known to be insecure:
Even if they are relatively minor, I would personally not want to publish a site to the public Internet with these versions of the libs just as a paranoid security precaution.
Is a new version or otherwise a maintenance release planned to fix this?
WORKAROUND:
In the meantime, I have fixed my own instance by obtaining the latest versions of the libs and replaced the affected files in the appropriate skin directory which are at time of writing:
jquery v3.6.4
mdb v6.2.0
moment v2.29.4
These appear to be a simple drop-in replacement but I am NOT a web developer so cannot confirm that this method will work everywhere/on all systems, nor that I have tested ALL functions of the skin personally - I only display basic data pretty much with "out of the box" config.
The text was updated successfully, but these errors were encountered:
A ZAP (https://www.zaproxy.org/) security scan of an Apache virtualhost I set up myself hosting weewx reports which are running this skin shows that the following included JS libs are out of date and known to be insecure:
Found at js/jquery.min.js - jquery (v3.4.1)
Vulns:
Found at js/mdb.min.js - the vuln here is actually in chart.js (v2.7.3) which is a dependency that MDB pulls in
Vuln:
Found at js/vendor/moment.min.js (v.2.29.1)
Vulns:
Even if they are relatively minor, I would personally not want to publish a site to the public Internet with these versions of the libs just as a paranoid security precaution.
Is a new version or otherwise a maintenance release planned to fix this?
WORKAROUND:
In the meantime, I have fixed my own instance by obtaining the latest versions of the libs and replaced the affected files in the appropriate skin directory which are at time of writing:
jquery v3.6.4
mdb v6.2.0
moment v2.29.4
These appear to be a simple drop-in replacement but I am NOT a web developer so cannot confirm that this method will work everywhere/on all systems, nor that I have tested ALL functions of the skin personally - I only display basic data pretty much with "out of the box" config.
The text was updated successfully, but these errors were encountered: