- ABP Framework version: v5
- UI Type: MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes
- Exception message and full stack trace:
- Steps to reproduce the issue:
We created a dotnet project with earlier versions of the ABP framework on dotnet 3 and later upgraded the dotnet version to 5 and the Lepton theme with ABP framework 5.
Now the issue is that our client has raised a black box pointer regarding the datatables.net version of jquery.
*** The below POC describes that the application is using a vulnerable version of datatables.net, v1.10.22. Below mentioned are the CVE IDs for it: jquery datatables.net v1.10.22: CVE-2020-28458, CVE-2021-2344 ***
I need to upgrade the jquery & datatables.net versions without disturbing anything else, as the application is in production. I need to make sure to resolve the pointer in the best way possible. Attaching herewith the screenshots for your reference.
I do see the following in the yarn.lock file:

    "@abp/datatables.net-bs4@~3.3.2":
      version "3.3.2"
      resolved "https://registry.yarnpkg.com/@abp/datatables.net-bs4/-/datatables.net-bs4-3.3.2.tgz#8f55957f2d9e1558ebef2e42e2661573d7d76447"
      integrity sha512-oERUHVPldaVL5z4CJX6cFkSBoa5IQUEYyyxGiV8zJ/mzZ7uiV2+hMrSP90R9J4625op9rU2+OJpDoZaj6wsULQ==
      dependencies:
        "@abp/datatables.net" "~3.3.2"
        datatables.net-bs4 "^1.10.21"

    "@abp/datatables.net@~3.3.2":
      version "3.3.2"
      resolved "https://registry.yarnpkg.com/@abp/datatables.net/-/datatables.net-3.3.2.tgz#7a396dd06f4c7cddae534a59f9b21036b26d234a"
      integrity sha512-huB1A8aXDpS1CdE4t2NukZxTZnOuGy+8nRGlKVI3kMDD4tRveX5ITfgPEAY/CckcbSwjFP2zqbmFZiuqim7FaQ==
      dependencies:
        "@abp/jquery" "~3.3.2"
        datatables.net "^1.10.21"

Thanks & Appreciate your response ASAP.
5 Answer(s)
-
0
hi
You can restore a specific version of the packages by editing your YourProject.Web/package.json: add a resolutions section and then run the abp install-libs command.

    {
      "version": "0.1.0",
      "name": "abpio-account-web",
      "private": true,
      "dependencies": {
        /...
      },
      "resolutions": {
        "jquery": "3.7.1",
        "datatables.net": "1.13.8"
      }
    }
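
A check for the step above, as an added example that is not part of the original answer or of ABP's tooling: after running abp install-libs, confirm that yarn.lock resolves every package named under resolutions to the pinned version. The function names, the yarn.lock v1 layout and the sample lockfile text are assumptions made for illustration.

```javascript
// Added example (not from the thread). Assumes yarn.lock v1 layout: an
// unindented "name@range[, name@range]:" header, then an indented version line.
function resolvedVersions(lockText) {
  const found = {}; // package name -> Set of resolved versions
  let names = [];
  for (const line of lockText.split(/\r?\n/)) {
    if (/^[^\s#].*:$/.test(line)) {
      // Header: drop ':' and quotes; the name is everything before the last '@'
      // so scoped names such as @abp/jquery keep their leading '@'.
      names = line.slice(0, -1).split(",").map((spec) => {
        const s = spec.trim().replace(/^"|"$/g, "");
        return s.slice(0, s.lastIndexOf("@"));
      });
      continue;
    }
    const m = line.match(/^  version "([^"]+)"$/);
    if (m) {
      for (const n of names) {
        found[n] = found[n] || new Set();
        found[n].add(m[1]);
      }
    }
  }
  return found;
}

// Report every package in `resolutions` whose lockfile entries are missing or
// resolve to anything other than the pinned version. Names are matched exactly,
// so datatables.net-bs4 is not mistaken for datatables.net.
function unpinned(lockText, resolutions) {
  const found = resolvedVersions(lockText);
  const problems = [];
  for (const [name, pinned] of Object.entries(resolutions)) {
    if (!found[name]) { problems.push(`${name}: not in lockfile`); continue; }
    for (const v of found[name]) {
      if (v !== pinned) problems.push(`${name}: resolved ${v}, expected ${pinned}`);
    }
  }
  return problems;
}

// Constructed sample lockfile text (versions chosen for illustration).
const SAMPLE_LOCK = [
  '"@abp/datatables.net@~3.3.2":', '  version "3.3.2"', '  dependencies:',
  '    "@abp/jquery" "~3.3.2"', '    datatables.net "^1.10.21"', '',
  'datatables.net@^1.10.21:', '  version "1.10.22"', '',
  'jquery@^3.5.1, jquery@>=1.7:', '  version "3.7.1"', '',
].join("\n");
const PINS = { jquery: "3.7.1", "datatables.net": "1.13.8" };
console.log(unpinned(SAMPLE_LOCK, PINS));
```

An empty result means every pinned package resolves to the version given in resolutions; any entry in the list names a package that still needs attention before the wwwroot libraries are shipped.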
-
0
Thank you for the prompt response. Will check and update you.
-
0
: )
-
0
If I have to give the updated files after install-libs, what are the minimum files I need to share from the publish folder with the client?
-
0
hi
Run the abp install-libs command; the new js and css files will move to the wwwroot folder, so you only need to make this folder correctly.