Vulnerability in moment.js

This topic contains 0 replies, has 1 voice, and was last updated by David Lake 7 months, 3 weeks ago.

  • #43821

    Hello, we’re using Event Organiser on https://californiaopioidresponse.org and are very happy with it. However, the site is government funded, and was just scanned by a third-party agency that has flagged a security vulnerability in the moment.js script, which I see was identified on GitHub back in April of 2022 (https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4).

    It looks like the version in use in Event Organiser is at version 2.9, the current version is 2.30.1, and the issue was patched in version 2.29.2.

    Would it be possible to get moment.js updated to > 2.29.2 with the next plugin update? When might that be? (We’re being asked for timelines to remedy these detected vulnerabilities)

    Thanks!

    David Lake