CIVI-SA-2017-08: Upgrade multiple JS libraries

CiviCRM includes a number of Javascript libraries. An automated assessment indicated that some these libraries had security issues. CiviCRM v4.7.21+ upgrades or removes multiple libraries.

Unfortunately, we could not obtain sufficient information about these issues to determine whether they cause actual vulnerabilities in CiviCRM.

Security Risk

Not Critical

Vulnerability

Other

Affected Versions

Up to v4.7.21

Fixed Versions

v4.7.21

Solutions

Any ONE of these solutions:

Upgrade to v4.7.21+
Backport several patches:
- Apply https://github.com/civicrm/civicrm-core/pull/10425
- Apply https://github.com/civicrm/civicrm-core/pull/10494
- Apply https://github.com/civicrm/civicrm-core/pull/10495
- Apply https://github.com/civicrm/civicrm-packages/pull/188
- Execute bower and composer to install the updated libraries

Credits

Chris Burgess (Fuzion)
Seamus Lee (Australian Greens)
Tim Otten (CiviCRM)

CIVI-SA-2017-08: Upgrade multiple JS libraries

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM

Languages

CIVI-SA-2017-08: Upgrade multiple JS libraries

WORK WITH A TRUSTED EXPERT TO SETUP YOUR CIVICRM

WORK WITH A TRUSTED EXPERT
TO SETUP YOUR CIVICRM