Thanks for Deform; lovely work!
An question/issue re the jQuery versuib and security:
This was pointed out to us by a penetration testing company. They note that the potential exploit methods are complex, but I'm afraid I don't know whether this is in effect a false positive or whether it is a real concern. However, on the assumption that they are right:
Could Deform ship with a more recent jQuery version? I note this is clearly not as simple as dropping in the current version (3.6.0 does not work)! Many thanks for thinking about this.
Thanks for Deform; lovely work!
An question/issue re the jQuery versuib and security:
static/scripts/jquery-2.0.3.min.js.<head>tags of pages using Deform, as per https://docs.pylonsproject.org/projects/deform/en/2.0-branch/basics.html#serving-up-the-rendered-form.This was pointed out to us by a penetration testing company. They note that the potential exploit methods are complex, but I'm afraid I don't know whether this is in effect a false positive or whether it is a real concern. However, on the assumption that they are right:
Could Deform ship with a more recent jQuery version? I note this is clearly not as simple as dropping in the current version (3.6.0 does not work)! Many thanks for thinking about this.