The files in the dev folder are included in the installation (unlike the documentation) when adding the theme to a WordPress installation, and can be accessed from the internet. For example, /wp-content/themes/enfold/dev/readme.txt
As I see it, there is no point in using old unsecure dependencies even if the main code doesn’t use them. Especially when the unsecure files are accessible from the internet and when there is a new version to update to.
Also, when scanning for plugin vulnerabilities for my client, they will come up and mess up my list of urgent plugin CVEs. Therefore, it would be great if you could update in future. ;) I know there are workarounds I can do to solve it, but I prefer to fix it how it should be done, updating to newer versions.
Thanks!
Hi,
True, it’s only documentation, but it’s better to have a more secure version of it even if it’s a low prio.
There are also two more findings when checking the files for Vulnerable Dependencies for my client:
enfold\dev\package-lock.json?glob-parent
(Email address hidden if logged out) (Confidence:Highest)
CVE-2020-28469 (OSSINDEX)
enfold\dev\package-lock.json?terser
(Email address hidden if logged out) (Confidence:Highest)
NPM-1081699
Would be great if you could clean/update the Vulnerable Dependencies.
Thanks!