Vulnerabilities with Foundry

heretix · 2 September 2021 07:28

after switching to Foundry, a webdev check signal some vulnerabilities that worries me:

[Bootstrap@4.0.0] 3 Medium

[jQuery@2.2.4] 4 Medium

[GreenSock JS@1.19.0] 1 High

Is this serious and is there a fix?

PJ

rolisize · 2 September 2021 13:24

You may get a faster response here

Elixir · 2 September 2021 13:56

Good morning @heretix –

The items you’ve outlined aren’t as big of a concern as you might think, IMO, though without seeing the specific list(s) I can’t comment on them in detail. If you’d like to email me with the full list I’d be glad to look at them (adam at elixirgraphics dot com). That said I’ll touch on the three items you mentioned below:

Bootstrap
The Bootstrap version is something that will be addressed with a future update when we move to Bootstrap v5. This isn’t something that will be instantaneous though. Foundry is built on a one-off version of Bootstrap currently, so this is something that will take quite some time and a HUGE amount of work. That said I don’t believe you should see any problems here honestly. I’ve seen a very small list of vulnerabilities for v4 and one of them doesn’t relate to Foundry at all.

jQuery
This is a complicated one. Some of the stacks still require older versions of jQuery and will not work with newer versions. There’s no getting around it unfortunately. I am looking to move away from jQuery for Foundry in the future however. There may be situations where it is required for something, and if that is the case a newer version of jQuery will be used. @Isaiah wrote a good post regarding jQuery and its complicated relationship with Stacks here, on a thread very similar to your own:

GreenSock
This is an update I already have in the pipeline for Navigation Bar Pro, which I’m guessing is the stack you’re using that contains this library. Be on the look out for it in the more near future.

heretix · 2 September 2021 15:12

Thanks Adam, I am happy with Foundry, and not excessively worried, after uploading the site I ran it on webdev or lighthouse, as i find it usefull to improve the site speed or seo or accessibility.
the highlighting of vulnerabilities, to me, justified a query, here is what the report says:

Includes front-end JavaScript libraries with known security vulnerabilities 8 vulnerabilities detected
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
Library Version
Vulnerability Count
Highest Severity
Bootstrap@4.0.0
3
Medium
jQuery@2.2.4
4
Medium
GreenSock JS@1.19.0
1
High
Ensure CSP is effective against XSS attacks
A strong Content Security Policy (CSP) significantly reduces the risk of cross-site scripting (XSS) attacks. Learn more
Description
Directive
Severity
No CSP found in enforcement mode

Thanks for your answer, and keep up the good work

Regards,

PJ

system · 3 October 2021 01:12

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Bootstrap versions for Stacks and Foundry Stacks	5	1021	26 September 2019
jQuery - Security Issues General	6	825	24 October 2020
Foundry Done. Now what do I do? General	10	278	25 November 2024
Foundry, Stacks and the Future of Classic Classic	8	204	20 November 2024
Happy New Year! 🥳 Classic	3	468	7 February 2022

Vulnerabilities with Foundry

Related topics