Jquery vulnerability - Nagios LS

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
Locked
Techmnagioslsuser
Posts: 39
Joined: Fri Apr 02, 2021 1:17 am

Jquery vulnerability - Nagios LS

Post by Techmnagioslsuser »

Hello Team,
In a vulnerability assessment of our production Nagios Log Server installation, we see a jQuery vulnerability.

"According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Upgrade to JQuery version 3.5.0 or later."

Please suggest how we can upgrade jQuery.

Thanks
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Jquery vulnerability - Nagios LS

Post by ssax »

Development hasn't released a version yet with jQuery upgraded. There was a feature request submitted for it already, but it hasn't been implemented yet.
Techmnagioslsuser
Posts: 39
Joined: Fri Apr 02, 2021 1:17 am

Re: Jquery vulnerability - Nagios LS

Post by Techmnagioslsuser »

Thanks for the update.

Do we have any tentative timeline for the upgraded version of jQuery?

Thanks
dchurch
Posts: 858
Joined: Wed Oct 07, 2020 12:46 pm
Location: Yo mama

Re: Jquery vulnerability - Nagios LS

Post by dchurch »

No, we do not have a tentative timeline for getting this patch out. The patch for this has not yet been written.

It'll more-likely-than-not be included in the next release of Nagios Log Server, but there are no guarantees. We tend to prioritize security fixes. Please keep in mind that the decision to implement the fix is at the discretion of our development team based on likelihood and severity of the security flaw.

You can view a release history here to give you an idea when that will happen. Also, when we release a fix, that page will mention a jQuery fix in the release notes.
If you didn't get an 8% raise over the course of the pandemic, you took a pay cut.

Discussion of wages is protected speech under the National Labor Relations Act, and no employer can tell you you can't disclose your pay with your fellow employees.
Locked
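
The scan finding quoted in the first post keys on the version the script reports about itself. As an added example (not code from the thread or from Nagios), this sketch reads that banner from a jQuery file and applies the quoted range, 1.2 or later and prior to 3.5.0. The banner patterns handled and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: classify a jQuery file by its self-reported version banner.
// Banner forms assumed: minified "/*! jQuery v3.4.1 | ..." and
// unminified " * jQuery JavaScript Library v3.4.1".
const BANNER = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?/;

function selfReportedVersion(source) {
  // The banner comment sits at the top of the file; ignore the rest.
  const m = BANNER.exec(source.slice(0, 1024));
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
}

// Numeric comparison of [major, minor, patch]; string comparison would
// wrongly order "1.12" before "1.2".
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(source) {
  const v = selfReportedVersion(source);
  if (v === null) return { version: null, status: "unknown" };
  // Range quoted in the scan report: >= 1.2 and < 3.5.0.
  const flagged = compare(v, [1, 2, 0]) >= 0 && compare(v, [3, 5, 0]) < 0;
  return { version: v.join("."), status: flagged ? "flagged" : "not-flagged" };
}

// Constructed sample inputs (not taken from a Nagios Log Server install).
const samples = {
  "min-3.4.1": "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){}",
  "full-1.12.4": "/*!\n * jQuery JavaScript Library v1.12.4\n * http://jquery.com/\n */\n(function(){})();",
  "min-3.5.0": "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors | jquery.org/license */\n!function(e,t){}",
  "no-banner": "!function(e,t){}(window);",
};

for (const [name, src] of Object.entries(samples)) {
  console.log(name, JSON.stringify(classify(src)));
}
```

A file with its banner stripped comes back as "unknown" rather than clean, so it still needs a manual look.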