x/tools/cmd/godoc: jquery can be updated to a newer version #39535

Not planned
@joegrasse

The version of jquery in godoc is susceptible to a security vulnerability.

Activity

added the Tools label (This label describes issues relating to any tools in the x/tools repository.) on Jun 11, 2020
added this to the Unreleased milestone on Jun 11, 2020
added the NeedsInvestigation label (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.) on Jun 12, 2020
toothrot (Contributor) commented on Jun 12, 2020

dmitshur (Member) commented on Jun 12, 2020

Thanks for the report.

The godoc command does not have code paths that involve passing HTML from untrusted sources, so I don't believe this is a security issue. If you think I'm missing something, please use the "Flagging Existing Issues as Security-related" process described at https://golang.org/security.

It can still be updated to a newer version.

changed the title from "x/tools/cmd/godoc: jquery version needs to be upgraded" to "x/tools/cmd/godoc: jquery can be updated to a newer version" on Jun 12, 2020
added the NeedsFix label (The path to resolution is known, but the work has not been done.) and removed the NeedsInvestigation label (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.) on Jun 12, 2020
l-lindsay commented on Mar 9, 2022

Any intention on upgrading jquery to a later version? Seeing this issue pop up in a scan.

Brookke commented on Mar 18, 2022

Looks like there's a fix for this awaiting review: golang/tools#250

bcmills (Contributor) commented on Dec 9, 2022

(CC @golang/security)

gmonni commented on Dec 12, 2022

Hello, would it be possible to upgrade jquery to 3.51? Security scanners identify the following vulnerabilities re the jquery version currently in use:

[image]

Labels: NeedsFix, Security, Tools

Participants: @toothrot, @FiloSottile, @dmitshur, @joegrasse, @bcmills