jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery. However, the versions of jQuery that are shipped with Drupal 6 and Drupal 7 core do not contain this protection.
Although the fix added to Drupal as part of this security release prevents the most common forms of this issue in the same way as newer versions of jQuery do, developers should be aware that passing untrusted user input directly to jQuery functions such as jQuery() and $() is unsafe and should be avoided.
So does new 7.19 drupal has new jQ in it with fixed modules or have old jQ (fixed) with fixed modules ?
Comments
Comment #1
ericduran commentedI'm not sure I understand what the problem is.
Comment #1.0
ericduran commentededit
Comment #2
markhalliwellNo response