Security Concern: Why is Xibo CMS Still Using jQuery UI 1.10.2? (Referenced in CVEs)

Hello,

I’m reaching out with a concern regarding the version of jQuery UI currently used in the Xibo CMS.

I’ve noticed that jquery-ui-1.10.2 is still being referenced in ./ui/src/bundle_style.js. This version is known to be listed in several Common Vulnerabilities and Exposures (CVEs).

Is there a plan in place to update jQuery UI in an upcoming release to mitigate these known security risks?

Thank you for your time and for maintaining such a great project!

Best regards,

1 Like

Hi, and welcome to the community.

Yes, we have plans to remove jQuery in the next major release of Xibo (version 5). Meanwhile the team has confirmed we’re not vulnerable to the CVEs affecting jQuery-UI, as well as some other outdated libraries, etc.

2 Likes