Search...
Toggle theme

jQuery 1.7.X

Release Notes

1.7.4

Notes

  • This release was the first release in the 1.7.x NES line where the Semantic Versioning was updated.
  • Full Version: 1.7.2-jquery-1.7.4

Bug Fixes

  • Removed doc references to an outdated and now malicious site (BDSA-2021-3651)

1.7.3

Notes

  • Only non-functional files (licensing, copyright, packaging, etc) required for NES distribution were changed.
  • Full Version: 1.7.3

Bug Fixes

  • Wrap <option> element to prevent executing untrusted code
    • This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11023)
  • Remove whitespace from <script> elements to prevent execution of arbitrary JavaScript
    • This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-7656)
  • Remove instances where HTML (from untrusted sources) is passed into a manipulation method
    • This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11022)
  • Prevent Object.prototype pollution
    • This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2019-11358)
  • Strict HTML recognition (#11290: must start with <)
    • This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2012-6708)
  • Avoid XSS via location.hash
    • This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2011-4969)
  • Prevent auto-execution of scripts when no explicit dataType was provided
    • This fixes a Moderate Severity Cross-Site Scripting (XSS) vulnerability (CVE-2015-9251)