lcolombo Posted December 9, 2020

Hi,

We hired a penetration test on a system based on unigui, and they recommended that we update the jQuery libraries:

The following libraries are out of date:

/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015

/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015

Is it possible to update these libraries?

Regards

Hayri ASLAN Posted December 11, 2020

Hi, you can set ServerModule -> Options -> soDontLoadJQueryLib := True and add latest jquery file with CustomFiles.

irigsoft Posted January 22, 2022

> On 12/11/2020 at 4:44 PM, Hayri ASLAN said:
> Hi, you can set ServerModule -> Options -> soDontLoadJQueryLib := True and add latest jquery file with CustomFiles.

Hello,

Is it possible to add a new version of these libraries via URL (for example: https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js) in CustomFiles, or do I need to add it to another list (which one is it)?

Sherzod Posted January 22, 2022

Hello,

> 19 minutes ago, irigsoft said:
> URL (for example: https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js) in CustomFiles

Yes.

irigsoft Posted January 22, 2022

> 15 minutes ago, Sherzod said:
> Hello, Yes.

Okay, how? I added it to my CustomFiles via TUniServerModule.UniGUIServerModuleCreate(Sender: TObject);, but after loading the address http://myserver:port/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js the browser shows version 3 (the older version).

irigsoft Posted January 22, 2022

@Sherzod, does it matter if I use local files and URLs in this CustomFile?

If I have in my list:

"
\mydir\customfile1.js
https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js
\mydir\othercustomfile.js
\mydir\customfile3.js
https://www.gstatic.com/firebasejs/7.21.1/firebase-firestore.js
"

Is it possible to get wrong loading of files (if some file or URL in the list does not exist), or does it not matter?

Sherzod Posted January 22, 2022

> 12 minutes ago, irigsoft said:
> but after loading the address http://myserver:port/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js browser shows version 3 (older version)

Take a good look, the browser will show the new version as well.

> 22 minutes ago, irigsoft said:
> jquery.inputmask.min.js

Sorry, I didn't pay attention.

jquery.inputmask.min.js and jquery-xx.min.js are different libraries, although the first file depends on the second.

jquery.inputmask.min.js - we can't unload this file at the moment because some components depend on it.

irigsoft Posted January 22, 2022

> On 12/9/2020 at 9:18 PM, lcolombo said:
> Hi,
> We hired a penetration test on a system based on unigui, and they recommended that we update the jQuery libraries:
> The following libraries are out of date:
> /fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js Version: 1.11.2 Date: 2014
> /fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js Version: 3.1.63-22 Date: 2015
> /fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js Version: 1.9.35 Date: 2015
> Is it possible to update these libraries?
> Regards

And what is the solution to this vulnerability?

Sherzod Posted January 22, 2022

> Just now, irigsoft said:
> And what is the solution to this vulnerability ?

Some components are adapted to the version that comes with UniGUI.

How do you want to use the new version? For what?

irigsoft Posted January 22, 2022

> 8 minutes ago, Sherzod said:
> Some components are adapted to the version that comes with UniGUI. How do you want to use the new version? For what?

In this topic, security experts have recommended the replacement of the files.

While currently working on the security of my server, I saw that some were trying to access these system files (maybe looking for some vulnerability in them).

I tried to update them, and I understand that this is not possible (it is understandable on your part), and I am looking for a solution.

irigsoft Posted January 22, 2022

@lcolombo, were you able to replace these js files with their new versions?

lcolombo Posted February 10, 2022

@irigsoft, I manually replaced the js file, then I did several tests and I didn't have big problems, but only in a pre-production environment.

irigsoft Posted February 10, 2022

Thank you.

So this solution doesn't work for you?

> On 12/11/2020 at 4:44 PM, Hayri ASLAN said:
> you can set ServerModule -> Options -> soDontLoadJQueryLib := True and add latest jquery file with CustomFiles.

Wilton Ergon Posted February 11, 2022

This Chrome option does an analysis of the site, and one of the points that caught my attention also referred to the jQuery libraries, which are outdated and have critical vulnerabilities. It would be great if unigui already came with these latest libraries.

irigsoft Posted July 15, 2022

@Sherzod, can you help here: how to use the latest version of jQuery? The solutions don't work for me.

Sherzod Posted July 15, 2022

Hello @irigsoft

Please clarify what exactly is the issue?

But keep in mind, uniEdit.pas uses two js libraries that are linked to the current version of jquery that UniGUI uses.

jquery.inputmask.min.js
autoNumeric-1.9.35.js

irigsoft Posted July 15, 2022

> 2 minutes ago, Sherzod said:
> Hello @irigsoft Please clarify what exactly is the issue? But keep in mind, uniEdit.pas uses two js libraries that are linked to the current version of jquery that UniGUI uses. jquery.inputmask.min.js autoNumeric-1.9.35.js

What is the solution to this:

"Hi,

We hired a penetration test on a system based on unigui, and they recommended that we update the jQuery libraries:

The following libraries are out of date:

/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js
Version: 1.11.2
Date: 2014

/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js
Version: 3.1.63-22
Date: 2015

/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js
Version: 1.9.35
Date: 2015

Is it possible to update these libraries?"

Sherzod Posted July 15, 2022

> 1 minute ago, irigsoft said:
> The following libraries are out of date: /fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js Version: 1.11.2 Date: 2014

This issue you can fix. Above, it was indicated how to disable the built-in jquery library in UniGUI. And you can include the latest version of the library, in many ways you know.

> 5 minutes ago, irigsoft said:
> /fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js Version: 3.1.63-22 Date: 2015
> /fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js Version: 1.9.35 Date: 2015

This is only by correcting the UniEdit module. You can send a request to the support portal.
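
A check of which copy of each flagged library a page actually loads, the question behind the "browser shows version 3" exchange above. This is an added example, not uniGUI code and not code from any poster; the bundled paths are the ones quoted in the thread, while `/files/jquery.min.js` and the status names are assumptions.

```javascript
// Added example, not uniGUI code. Bundled paths follow the URLs quoted in the
// thread; '/files/jquery.min.js' and the status names are assumptions.
const LIBS = [
  // replaceable: per the thread, only jQuery core can be swapped via CustomFiles
  { name: 'jquery', file: /\/jquery(-[\d.]+)?(\.min)?\.js$/i, replaceable: true },
  { name: 'inputmask', file: /\/jquery\.inputmask(\.min)?\.js$/i, replaceable: false },
  { name: 'autoNumeric', file: /\/autoNumeric(-[\d.]+)?(\.min)?\.js$/i, replaceable: false },
];
// Files served from the framework's own versioned folder, e.g. /uni-1.90.0.1526/jQuery/
const BUNDLED = /\/uni-[\d.]+\/jQuery\//i;

// urls: script sources of the rendered page. In a browser console:
//   Array.from(document.scripts, s => s.src).filter(Boolean)
function auditScripts(urls) {
  // Compare on the path only, so query strings and hosts do not affect matching.
  const paths = urls.map(u => ({ url: u, path: new URL(u, 'http://localhost/').pathname }));
  return LIBS.map(lib => {
    const hits = paths.filter(p => lib.file.test(p.path));
    const bundled = hits.filter(p => BUNDLED.test(p.path)).map(p => p.url);
    const custom = hits.filter(p => !BUNDLED.test(p.path)).map(p => p.url);
    let status = 'not-loaded';
    if (bundled.length && custom.length) status = 'duplicate'; // old and new both load
    else if (bundled.length) status = lib.replaceable ? 'bundled-replaceable' : 'bundled-pinned';
    else if (custom.length) status = 'custom-only'; // the intended end state
    return { library: lib.name, status, bundled, custom };
  });
}

// Constructed sample: a page where a new jQuery was added but the old one still loads.
const SAMPLE = [
  '/fullweb.dll/uni-1.90.0.1526/jQuery/jquery-1.11.2.min.js',
  '/files/jquery.min.js',
  '/fullweb.dll/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js?v=1',
  '/fullweb.dll/uni-1.90.0.1526/jQuery/autoNumeric/autoNumeric-1.9.35.js',
];
console.log(auditScripts(SAMPLE));
```

In the browser console, `jQuery.fn.jquery` reports the version of the copy currently bound to the global.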

irigsoft Posted July 15, 2022

Thank You.

irigsoft Posted July 19, 2022

> On 7/15/2022 at 4:40 PM, Sherzod said:
> This is only by correcting the UniEdit module. You can send a request to the support portal.

Hello, is it possible to change the library via this code?

This code to MainForm.Script:

    Ext.onReady(function() {
        Ext.Loader.loadScript('files/html2canvas.min.js'); // please correct your path
    });