Advisory Release Date
June 10, 2019
All through 3.1.6
The jQuery vulnerability is described here:
The vulnerability was corrected in jQuery version 3.4.0. The jQuery release notes can be found here:
Although SOAPam Server does not directly use the jQuery.extend() function, a hotfix is available which updates the jQuery script files stored in the VFS. to version 3.4.1. Note that this hotfix is for the 3.1.6 release only. If you would like a hotfix prepared for another release, please open a support case and let us know the release you're using.
Install the hotfix by following these steps:
- Download the hotfix PAK file using the link below and transfer the file to your NonStop system.
- Unpak the hotfix PAK file, which contains the following VFS image file:
- Update the VFS with the hotfix files using the following VFSMGR command:
tacl>run vfsmgr -vfs <vfs-subvol> -put folder hfimage / !
- Refresh any browser running the Control Panel to refresh the jQuery files.