jQuery versions 1.6.3 and higher provide protection against common forms of this problem; thus, the vulnerability is mitigated if your site has upgraded to a recent version of jQuery. However, the versions of jQuery that are shipped with Drupal 6 and Drupal 7 core do not contain this protection.

Although the fix added to Drupal as part of this security release prevents the most common forms of this issue in the same way as newer versions of jQuery do, developers should be aware that passing untrusted user input directly to jQuery functions such as jQuery() and $() is unsafe and should be avoided.

So does new 7.19 drupal has new jQ in it with fixed modules or have old jQ (fixed) with fixed modules ?

Comments

ericduran’s picture

Status: Active » Postponed (maintainer needs more info)

I'm not sure I understand what the problem is.

ericduran’s picture

Issue summary: View changes

edit

markhalliwell’s picture

Issue summary: View changes
Status: Postponed (maintainer needs more info) » Closed (outdated)

No response