Opened 10 years ago
Closed 10 years ago
Last modified 10 years ago
#770 closed defect (fixed)
New video.js (was: XSS vulnerability)
|Reported by:||Abandoned||Owned by:|
VideoJS has an XSS vulnerability
Change History (6)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Well I updated the videojs code in MediaGoblin master, but then realized that this was for the SWF stuff only... we don't use that in MediaGoblin proper! It is used on the mediagoblin.org campaign page, but that site is a 100% static site, no logins or anything, so I think it's moot.
In the meanwhile I'll use this to track what to do about the mediagoblin master code changing. The code I pushed broke our existing videojs theming. But this does decrease the priority of pushing out a release.
comment:3 by , 10 years ago
|Component:||infrastructure → programming|
comment:4 by , 10 years ago
|Status:||new → closed|
I think actually we're going to stick with the latest video.js, but there's no hurry to push out a new release anymore.
comment:5 by , 10 years ago
|Summary:||XSS vulnerability → New video.js (was: XSS vulnerability)|
You're right, argh. It looks like this has been addressed here: https://github.com/videojs/video-js-swf/issues/12
We need to update our videojs code it looks like... trying now.