please don't rely on me for this bit
authorSimon McVittie <smcv@debian.org>
Tue, 9 Dec 2014 23:43:56 +0000 (23:43 +0000)
committerSimon McVittie <smcv@debian.org>
Tue, 9 Dec 2014 23:43:56 +0000 (23:43 +0000)
doc/bugs/outdated_jquery-ui.mdwn

index 41d3f1b21f155108b174ebd0f9c8c42ab2bbbca3..bcd44e27d3cc3871c91793920be7c8612784865f 100644 (file)
@@ -8,3 +8,9 @@ Amitai gets there first.
 It doesn't look as though we actually use the vulnerable functionality.
 
 --[[smcv]]
+
+> This is more complicated than it looked at first glance because both
+> jquery and jquery-ui have broken API since the version we embed,
+> and we also ship other jquery plugins for [[plugins/attachment]].
+> Perhaps someone who knows jquery could check compatibility and
+> propose a branch? --[[smcv]]