Our current installation of Nagios XI 5.6.7 is marked as insecure:
jQuery Prior to 3.4.0 Cross-Site Scripting Vulnerability
Are there any plans to upgrade jQuery?
Nagios XI is marked as insecure
benjaminsmith
Re: Nagios XI is marked as insecure
Hello @wagnbeu0,
We generally don't immediately upgrade jQuery to ensure compatibility with older browsers. If you have any specifics as to which vulnerability in jQuery for the development team that would be appreciated.
That said, we're planning to upgrade this in the next release assuming we don't experience any issues in QA.
Let us know if you have any questions.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Nagios XI is marked as insecure
Hello,
Thanks for reporting this, the developers will need to upgrade/patch the version we include to resolve this, they expect it to be included in the next release of XI, both the 1.12.4 and 3.3.1 versions should be patched.
I've submitted this to [email protected] on your behalf, please send future vulnerability discoveries to [email protected] as per the below process:
Reporting Security Vulnerabilities
Taken from here: At Nagios, we make security a priority. We strive to patch any security issues in a timely manner. We highly recommend using the latest versions available of our software. The latest versions will include security fixes that remediate the vulnerabilities shown below.
Please send security vulnerabilities found in any of the Nagios commercial products and security related emails to [email protected]. All non-security related bug reports should be given through a Support Ticket or through a post on the Support Forum.
https://www.nagios.com/products/security/
You can technically patch it via these commands:
*** NOTE: This GitHub repo was linked to here: https://bugzilla.redhat.com/show_bug.cgi?id=1701972
It is up to you whether you follow these instructions (trusting the repository and author) or whether you implement the patches yourself ***
Code:
# Download the patches for both bundled jQuery versions into /tmp
cd /tmp
wget https://raw.githubusercontent.com/DanielRuf/snyk-js-jquery-174006/master/jquery-1.12.4.min.patch
wget https://raw.githubusercontent.com/DanielRuf/snyk-js-jquery-174006/master/jquery-3.3.1.min.patch
# Apply each patch to the matching minified file shipped with Nagios XI
patch -p1 /usr/local/nagiosxi/html/includes/js/jquery/jquery-1.12.4.min.js jquery-1.12.4.min.patch
patch -p1 /usr/local/nagiosxi/html/includes/js/jquery/jquery-3.3.1.min.js jquery-3.3.1.min.patch
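The note in the post above leaves the decision to trust the third-party repository with the administrator. As an added example (not part of the original post, and not code from Nagios or the patch author), this wrapper applies a patch only if it matches a SHA-256 you recorded after reviewing it, applies cleanly in a dry run, and has a backup to roll back to. The function name `apply_reviewed_patch` and the pinned hash are assumptions.

```bash
#!/usr/bin/env bash
# Added example: apply a downloaded patch only after review and pinning.
# apply_reviewed_patch is a hypothetical helper. The SHA-256 argument is a
# value you record yourself after reading the patch, not one from the page.

apply_reviewed_patch() {
    local target="$1" patchfile="$2" expected_sha256="$3"
    local actual backup

    [ -f "$target" ] && [ -f "$patchfile" ] || { echo "missing file" >&2; return 2; }

    # 1. The downloaded bytes must be exactly the bytes that were reviewed.
    actual="$(sha256sum "$patchfile" | awk '{print $1}')"
    if [ "$actual" != "$expected_sha256" ]; then
        echo "checksum mismatch for $patchfile: got $actual" >&2
        return 3
    fi

    # 2. Dry run: every hunk must apply cleanly before the file is touched.
    #    -N refuses a patch that looks reversed or already applied.
    if ! patch -N --dry-run "$target" "$patchfile" >/dev/null 2>&1; then
        echo "patch does not apply cleanly to $target" >&2
        return 4
    fi

    # 3. Keep a timestamped copy so the change can be rolled back.
    backup="${target}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$target" "$backup" || return 5

    # 4. Apply for real; restore the backup if anything goes wrong.
    if ! patch -N "$target" "$patchfile" >/dev/null 2>&1; then
        cp -p "$backup" "$target"
        return 6
    fi
    echo "patched $target (backup: $backup)"
}

# Usage with the paths from the post (the hash is a placeholder to replace):
# apply_reviewed_patch \
#     /usr/local/nagiosxi/html/includes/js/jquery/jquery-3.3.1.min.js \
#     /tmp/jquery-3.3.1.min.patch "<sha256-of-the-patch-you-reviewed>"
```

A non-zero return code identifies which check refused the patch: 3 for a checksum mismatch, 4 for a patch that does not apply cleanly.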