We introduced Semantic Versioning (semver) for our releases. This ensures that the version format is structured as oss_version-jquery-nes_version, providing clarity and consistency across updates.
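The following is an added example, not code shipped with the NES package: it parses the oss_version-jquery-nes_version format and shows why releases should be ordered by the NES component. Under standard Semantic Versioning precedence, everything after the first hyphen is a pre-release tag, so 1.6.3-jquery-1.6.7 ranks below the plain 1.6.6. The function names are hypothetical, and treating a plain version such as 1.6.6 as the NES version with no recorded OSS base is an assumption.

```javascript
// Added example; function names are hypothetical, not part of the NES package.
const FULL = /^(\d+\.\d+\.\d+)-jquery-(\d+\.\d+\.\d+)$/;
const PLAIN = /^(\d+\.\d+\.\d+)$/;

function parseNesVersion(full) {
  let m = FULL.exec(full);
  if (m) return { oss: m[1], nes: m[2] };
  m = PLAIN.exec(full);
  // Assumption: plain versions (releases before 1.6.7) are the NES version.
  if (m) return { oss: null, nes: m[1] };
  throw new Error(`unrecognised version: ${full}`);
}

function cmpTriple(a, b) {
  const x = a.split(".").map(Number), y = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Order two releases by their NES component only.
function compareNes(a, b) {
  return cmpTriple(parseNesVersion(a).nes, parseNesVersion(b).nes);
}

// Semver pre-release comparison: numeric < alphanumeric, fewer fields < more.
function cmpPre(a, b) {
  const x = a.split("."), y = b.split(".");
  for (let i = 0; i < Math.min(x.length, y.length); i++) {
    if (x[i] === y[i]) continue;
    const nx = /^\d+$/.test(x[i]), ny = /^\d+$/.test(y[i]);
    if (nx && ny) return Number(x[i]) < Number(y[i]) ? -1 : 1;
    if (nx !== ny) return nx ? -1 : 1;
    return x[i] < y[i] ? -1 : 1;
  }
  return Math.sign(x.length - y.length);
}

// Standard semver precedence: core first, then pre-release ranks below none.
function semverOrder(a, b) {
  const split = (v) => { const i = v.indexOf("-"); return i < 0 ? [v, ""] : [v.slice(0, i), v.slice(i + 1)]; };
  const [ca, pa] = split(a), [cb, pb] = split(b);
  const core = cmpTriple(ca, cb);
  if (core !== 0) return core;
  if (pa && pb) return cmpPre(pa, pb);
  return pa ? -1 : pb ? 1 : 0;
}

console.log(compareNes("1.6.3-jquery-1.6.7", "1.6.6"), semverOrder("1.6.3-jquery-1.6.7", "1.6.6"));
```

A dependency range or inventory check that relies on plain semver ordering will treat 1.6.3-jquery-1.6.7 as older than 1.6.6, so pin the full version string or compare on the NES component.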
1.6.7 (NES) - June 6, 2024
Notes
- This is the first release in the 1.6.x NES line to use the updated Semantic Versioning format.
Full Version: 1.6.3-jquery-1.6.7
Bug Fixes
- Removed documentation references to an outdated and now-malicious site (BDSA-2021-3651)
1.6.6 (NES) - March 13, 2024
Full Version: 1.6.6
Notes
- Only non-functional files (licensing, copyright, packaging, etc.) required for NES distribution were changed.
1.6.5 (NES) - February 8, 2024
Notes
- This release originates from an open-source jQuery repository forked by HeroDevs. It includes modifications made by HeroDevs so that the fork builds successfully.
Full Version: 1.6.5
Bug Fixes
- Prevent auto-execution of scripts when no explicit dataType was provided
  - This fixes a Moderate Severity Cross-Site Scripting (XSS) vulnerability (CVE-2015-9251)
- Strict HTML recognition (#11290: must start with <)
  - This fixes a Moderate Severity Cross-Site Scripting vulnerability (CVE-2012-6708)
- Prevent Object.prototype pollution
  - This fixes a Moderate Severity vulnerability, XSS in jQuery as used in Drupal, Backdrop CMS, and other products (CVE-2019-11358)
- Remove instances where HTML (from untrusted sources) is passed into a manipulation method
  - This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11022)
- Wrap <option> element to prevent executing untrusted code
  - This fixes a Moderate Severity Potential XSS vulnerability (CVE-2020-11023)
- Remove whitespace from <script> elements to prevent execution of arbitrary JavaScript
  - This fixes a Moderate Severity Cross-Site Scripting vulnerability (CVE-2020-7656)