You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello, we're using Event Organiser on https://californiaopioidresponse.org and are very happy with it. However, it's government funded, and the site was just scanned by a third-party agency that has flagged a security vulnerability in the moment.js script, which I see was identified on GitHub back in April of 2022 (GHSA-8hfj-j24r-96c4).
It looks like it’s the version in use in Event Organiser is at version 2.9, the current version is 2.30.1, and the issue was patched in version 2.29.2.
Would it be possible to get moment.js updated to > 2.29.2 with the next plugin update? When might that be (we're being asked for timelines to remedy these detected vulnerabilities).
Thanks!
The text was updated successfully, but these errors were encountered:
Hello, we're using Event Organiser on https://californiaopioidresponse.org and are very happy with it. However, it's government funded, and the site was just scanned by a third-party agency that has flagged a security vulnerability in the moment.js script, which I see was identified on GitHub back in April of 2022 (GHSA-8hfj-j24r-96c4).
It looks like it’s the version in use in Event Organiser is at version 2.9, the current version is 2.30.1, and the issue was patched in version 2.29.2.
Would it be possible to get moment.js updated to > 2.29.2 with the next plugin update? When might that be (we're being asked for timelines to remedy these detected vulnerabilities).
Thanks!
The text was updated successfully, but these errors were encountered: