CiviCRM includes a number of JavaScript libraries. An automated assessment indicated that some of these libraries had security issues. CiviCRM v4.7.21+ upgrades or removes multiple libraries.
Unfortunately, we could not obtain sufficient information about these issues to determine whether they cause actual vulnerabilities in CiviCRM.
Up to v4.7.21
v4.7.21
Any ONE of these solutions:
- Upgrade to v4.7.21+
- Backport several patches:
  - Apply https://github.com/civicrm/civicrm-core/pull/10425
  - Apply https://github.com/civicrm/civicrm-core/pull/10494
  - Apply https://github.com/civicrm/civicrm-core/pull/10495
  - Apply https://github.com/civicrm/civicrm-packages/pull/188
  - Execute bower and composer to install the updated libraries
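The backport option above as a script, added here as an example and not taken from the CiviCRM project. It assumes `CIVICRM_ROOT` (a placeholder path) is a civicrm-core tree with civicrm-packages under `packages/`, and that `curl`, `patch`, `bower` and `composer` are installed.

```shell
#!/bin/sh
# Added example: backport the four pull requests listed in the advisory,
# then reinstall the bundled libraries.
# Assumption: CIVICRM_ROOT is a civicrm-core tree with civicrm-packages in ./packages.
CIVICRM_ROOT="${CIVICRM_ROOT:-/path/to/civicrm}"   # placeholder, set to your install

PULLS="https://github.com/civicrm/civicrm-core/pull/10425
https://github.com/civicrm/civicrm-core/pull/10494
https://github.com/civicrm/civicrm-core/pull/10495
https://github.com/civicrm/civicrm-packages/pull/188"

# GitHub serves a pull request as a mailbox-format patch at <PR URL>.patch.
patch_url() { printf '%s.patch\n' "$1"; }

# civicrm-packages patches apply inside packages/, civicrm-core patches at the root.
target_dir() {
  case "$1" in
    */civicrm-packages/pull/*) printf '%s/packages\n' "$2" ;;
    */civicrm-core/pull/*)     printf '%s\n' "$2" ;;
    *) return 1 ;;
  esac
}

backport_all() {
  root="$1"
  tmp=$(mktemp -d) || return 1
  n=0
  for pr in $PULLS; do
    n=$((n + 1))
    dir=$(target_dir "$pr" "$root") || return 1
    curl -fsSL -o "$tmp/$n.patch" "$(patch_url "$pr")" || return 1
    # Dry run first: stop before a patch that does not fit is partially applied.
    (cd "$dir" && patch -p1 --dry-run < "$tmp/$n.patch" >/dev/null) || {
      echo "does not apply cleanly: $pr" >&2; return 1; }
    (cd "$dir" && patch -p1 < "$tmp/$n.patch") || return 1
  done
  rm -rf "$tmp"
  # Final step from the advisory: install the updated libraries.
  (cd "$root" && bower install && composer install)
}

# Runs only when asked, so the functions can be sourced and inspected first.
if [ "${1:-}" = "--apply" ]; then backport_all "$CIVICRM_ROOT"; fi
```

Work on a copy or a version-controlled tree: if a later patch fails its dry run, the earlier ones have already been applied.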
- Chris Burgess (Fuzion)
- Seamus Lee (Australian Greens)
- Tim Otten (CiviCRM)