Forum Replies Created

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • in reply to: Update Jquery in the documentation #1374415

    The files in dev folder are included in the installation (not like the documentations) when adding the theme to a WordPress installation. And can be accessed from internet. For example, /wp-content/themes/enfold/dev/readme.txt

    As I see it, there is no point to use old unsecure decencies even if the main code doesn’t use it. Especially when the unsecure files are accessible from internet and when there a new version to update it too.

    Also, when scanning for vulnerabilities for my client of plugins they will come up and mess my list of urgent CVE of plugins. Therefore, it would it be great if you could update in future. ;) I know there are workarounds I can do to solve it, but I prefer to use the fix it how it should be done, updating to never versions.
    Thanks!

    in reply to: Update Jquery in the documentation #1374057

    Hi,

    True, its only documentation but it’s better to have a more secure version of it even if it’s a low prio.

    There also two more founds when checking Vulnerable Dependencies for my client of the files:

    enfold\dev\package-lock.json?glob-parent
    (Email address hidden if logged out) (Confidence:Highest)
    CVE-2020-28469 (OSSINDEX)

    enfold\dev\package-lock.json?terser
    (Email address hidden if logged out) (Confidence:Highest)
    NPM-1081699

    Would ge great if you could clean/update the Vulnerable Dependencies.
    Thanks!

    • This reply was modified 2 years ago by testq1.
Viewing 2 posts - 1 through 2 (of 2 total)