Open Closed

Jquery Datatables.net #6468


User avatar
0
Anjaneyulu created
  • ABP Framework version: v5
  • UI Type: MVC
    • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

We have created a dotnet project with earlier versions of ABP framework on dotnet 3 and later upgraded the dotnet version to 5 and lepton theme with ABP framwork 5.

Now the issue is our client has raised a black box pointer regarding the datatables.net version of the jquery.

*** The below POC describes that Application is using vulnerable version of datatables.net v1.10.22 below mentioned is the cve id for it: jquery datatables.net v1.10.22 :- CVE-2020-28458,CVE-2021-2344 ***

I need to updagrade the jquery& datatable.net version with out disturbing any other things as the application in production. I need to make sure resolve the pointer in the best way possible. attaching here with the screenshots for your reference.

I do see the follwing in the yarn.lock file :

"@abp/datatables.net-bs4@~3.3.2": version "3.3.2" resolved "https://registry.yarnpkg.com/@abp/datatables.net-bs4/-/datatables.net-bs4-3.3.2.tgz#8f55957f2d9e1558ebef2e42e2661573d7d76447" integrity sha512-oERUHVPldaVL5z4CJX6cFkSBoa5IQUEYyyxGiV8zJ/mzZ7uiV2+hMrSP90R9J4625op9rU2+OJpDoZaj6wsULQ== dependencies: "@abp/datatables.net" "~3.3.2" datatables.net-bs4 "^1.10.21"

"@abp/datatables.net@~3.3.2": version "3.3.2" resolved "https://registry.yarnpkg.com/@abp/datatables.net/-/datatables.net-3.3.2.tgz#7a396dd06f4c7cddae534a59f9b21036b26d234a" integrity sha512-huB1A8aXDpS1CdE4t2NukZxTZnOuGy+8nRGlKVI3kMDD4tRveX5ITfgPEAY/CckcbSwjFP2zqbmFZiuqim7FaQ== dependencies: "@abp/jquery" "~3.3.2" datatables.net "^1.10.21"

Thanks & Appreciate your response ASAP.


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can restore a specific version of the packages by editing your YourProject.Web/package.json

    add resolutions section and then run abp install-libs command.

    {
      "version": "0.1.0",
      "name": "abpio-account-web",
      "private": true,
      "dependencies": {
        /...
      },
      "resolutions": {
        "jquery": "3.7.1",
        "datatables.net": "1.13.8"
      }
    }
    
  • User Avatar
    0
    Anjaneyulu created

    Thank you for prompt response . Will check and update you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

  • User Avatar
    0
    Anjaneyulu created

    If i have to give the updated files after install libs, what are the minimum file i need to share from the publish folder to client.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Run abp install-libs command the new js and css files will move to wwwroot folder.

    so you only need to make this folder correctly.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09