Classic, Ecwid and security issues

We have been trading for many years without any security issues (using Rapidweaver along with an ECWID payment set up).

Recently, scans by Security Metrics are showing jQuery errors which means we are now technically not compliant and they have asked us to correct the problem.

I thought it was due to old stacks software, but I think we are running the most up to date version. I asked ECWID if they could shed any light on this and got this answer:

Ecwid does not use jQuery.

Additionally, I have checked your website https://www.medlarpress.com/ and see that it was built using RapidWeaver. I checked the scripts on the website and found that the jQuery script with version 2.2.4 comes from RapidWeaver itself.

You may see that it belongs to RapidWeaver because the URL for the script includes rw_common. In this case, I recommend reaching out to the RapidWeaver support team to inquire about the jQuery script and how to update it.

So there you have it - I’m already operating on the edge of my own ability . . . can anyone show me a simple way to remedy this?

I’m currently also half-way through a conversion to elements, so hope the problem won’t appear there as well!

By default RapidWeaver Classic does not use jQuery…

Looking at your source code it appears that jQuery 2.2.4 is being included by the Stacks plugin, perhaps @isaiah at YourHead or @joeworkman could advise if there’s a way in Stacks to use a newer version of jQuery in Stacks?

The good news is that this will not be a problem for you with Elements

Thanks Dan

I’ll ask about that, though I’m not too keen to start trying to patch classic if I don’t need to - and its good to know the new Elements site will be OK - perhaps I’d better get a move on with building it!

Jon

@jonwardallen, yes I think migrating to Elements asap would be a good idea!

If you get stuck or have questions on how to do something in Elements, just start a new thread and we’ll help you out