jQuery 1.7.X
Release Notes
1.7.4
Notes
- This release was the first release in the 1.7.x NES line where the Semantic Versioning was updated.
- Full Version:
1.7.2-jquery-1.7.4
Bug Fixes
- Removed doc references to an outdated and now malicious site (BDSA-2021-3651)
1.7.3
Notes
- Only non-functional files (licensing, copyright, packaging, etc) required for NES distribution were changed.
- Full Version:
1.7.3
Bug Fixes
- Wrap
<option>
element to prevent executing untrusted code- This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11023)
- Remove whitespace from
<script>
elements to prevent execution of arbitrary JavaScript- This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-7656)
- Remove instances where HTML (from untrusted sources) is passed into a manipulation method
- This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11022)
- Prevent Object.prototype pollution
- This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2019-11358)
- Strict HTML recognition (#11290: must start with <)
- This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2012-6708)
- Avoid XSS via location.hash
- This fixes a Moderate Severity XSS in jQuery vulnerability (CVE-2011-4969)
- Prevent auto-execution of scripts when no explicit dataType was provided
- This fixes a Moderate Severity Cross-Site Scripting (XSS) vulnerability (CVE-2015-9251)