jQuery Validation Plugin included in PKP 3.3.0.20 found vulnerable

We performed a vulnerability scan using ZAP Proxy, and as a result the jQuery plugin v.19.5 included in the latest LTS versions of OMP and OJS was found to be vulnerable. Could you please tell us whether this is a false positive or is actually vulnerable, and what the next step to fix it would be? Thanks.

What application are you using?
OJS 3.3.0.20
OMP 3.3.0.20
Ubuntu LTS 24.04.1



Hi @pchamorro,

We’ve already assessed this vulnerability and determined that OJS does not offer an attack surface. It’s safe to use the latest OJS 3.3.0-x, even though that library is included. We simply don’t use it in a way that allows it to be attacked.

(The OJS 3.3.0-x line of releases uses a lot of 3rd party software that becomes more difficult to update incrementally as the line ages; when we make the jump to declaring OJS 3.5.0 as our next LTS, it’ll represent a refresh of all these dependencies that will be easier to maintain for the next years.)

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you very much.
