Open Closed

Jquery Datatables.net #6468

User avatar
0
Anjaneyulu created
  • ABP Framework version: v5
  • UI Type: MVC
    • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

We have created a dotnet project with earlier versions of ABP framework on dotnet 3 and later upgraded the dotnet version to 5 and lepton theme with ABP framwork 5.

Now the issue is our client has raised a black box pointer regarding the datatables.net version of the jquery.

*** The below POC describes that Application is using vulnerable version of datatables.net v1.10.22 below mentioned is the cve id for it: jquery datatables.net v1.10.22 :- CVE-2020-28458,CVE-2021-2344 ***

I need to updagrade the jquery& datatable.net version with out disturbing any other things as the application in production. I need to make sure resolve the pointer in the best way possible. attaching here with the screenshots for your reference.

I do see the follwing in the yarn.lock file :

"@abp/datatables.net-bs4@~3.3.2": version "3.3.2" resolved "https://registry.yarnpkg.com/@abp/datatables.net-bs4/-/datatables.net-bs4-3.3.2.tgz#8f55957f2d9e1558ebef2e42e2661573d7d76447" integrity sha512-oERUHVPldaVL5z4CJX6cFkSBoa5IQUEYyyxGiV8zJ/mzZ7uiV2+hMrSP90R9J4625op9rU2+OJpDoZaj6wsULQ== dependencies: "@abp/datatables.net" "~3.3.2" datatables.net-bs4 "^1.10.21"

"@abp/datatables.net@~3.3.2": version "3.3.2" resolved "https://registry.yarnpkg.com/@abp/datatables.net/-/datatables.net-3.3.2.tgz#7a396dd06f4c7cddae534a59f9b21036b26d234a" integrity sha512-huB1A8aXDpS1CdE4t2NukZxTZnOuGy+8nRGlKVI3kMDD4tRveX5ITfgPEAY/CckcbSwjFP2zqbmFZiuqim7FaQ== dependencies: "@abp/jquery" "~3.3.2" datatables.net "^1.10.21"

Thanks & Appreciate your response ASAP.

Go to accepted answer
5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can restore a specific version of the packages by editing your YourProject.Web/package.json

    add resolutions section and then run abp install-libs command.

    {
  "version": "0.1.0",
  "name": "abpio-account-web",
  "private": true,
  "dependencies": {
    /...
  },
  "resolutions": {
    "jquery": "3.7.1",
    "datatables.net": "1.13.8"
  }
}
  • User Avatar
    0
    Anjaneyulu created

    Thank you for prompt response . Will check and update you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

  • User Avatar
    0
    Anjaneyulu created

    If i have to give the updated files after install libs, what are the minimum file i need to share from the publish folder to client.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Run abp install-libs command the new js and css files will move to wwwroot folder.

    so you only need to make this folder correctly.

Assignee
User avatar maliming
Labels
Non yet
Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11