Sentinel Upgrade sentinel-dashboard's jQuery version

vwoqyblh  于 2022-10-19  发布在  jQuery
关注(0)|答案(3)|浏览(197)

Issue Description

Type: bug report

Describe what happened

Our application is using Sentinel and is currently undergoing penetration testing. The test scans out the vulnerability of the jQuery version is too low. Users are at risk of being targeted with XSS attacks.

Describe what you expected to happen

Hope the community can upgrade the version of jQuery to 3.5.0 or later. Or you can tell us how to replace and upgrade the version ourselves.

How to reproduce it

https://github.com/alibaba/Sentinel/blob/1.8.4/sentinel-dashboard/src/main/webapp/resources/lib/js/jquery.min.js

Tell us your environment

  • Operating env: K8S
  • Sentinel version: 1.8.1.1

Anything else we need to know?

Null

jaxagkaj

jaxagkaj1#

Can I get some responses? thank you

fae0ux8s

fae0ux8s2#

Contributions are welcomed.

qnyhuwrf

qnyhuwrf3#

BTW, note how I updated on K8S:

  1. Upgrade jQuery version as PR
  2. mvn clean package
  3. Create Dockerfile:
FROM adoptopenjdk/openjdk11:latest
MAINTAINER Zander

ENV LANG=C.UTF-8
ENV JAVA_OPTS=""

COPY sentinel-dashboard.jar sentinel-dashboard.jar
CMD java ${JAVA_OPTS} -jar sentinel-dashboard.jar
  1. build -t imageName:version

相关问题