Security Risk: 
Not Critical
Vulnerability: 
Other
Affected Versions: 

Up to v4.7.21

 

Fixed Versions: 

v4.7.21

Publication Date: 
Wednesday, July 5, 2017
Description: 

CiviCRM includes a number of Javascript libraries. An automated assessment indicated that some these libraries had security issues. CiviCRM v4.7.21+ upgrades or removes multiple libraries.

Unfortunately, we could not obtain sufficient information about these issues to determine whether they cause actual vulnerabilities in CiviCRM.

Solutions: 

Any ONE of these solutions:

Credits: 
  • Chris Burgess (Fuzion)
  • Seamus Lee (Australian Greens)
  • Tim Otten (CiviCRM)