< thm> joeyh: ping
< thm> can you update the embedded jquery-ui? (for cve
2010-5312, and/or 2012-6662)
I'll do this next time I spend some time on ikiwiki unless Joey or Amitai gets there first.
It doesn't look as though we actually use the vulnerable functionality.
--smcv
This is more complicated than it looked at first glance because both jquery and jquery-ui have broken API since the version we embed, and we also ship other jquery plugins for attachment. Perhaps someone who knows jquery could check compatibility and propose a branch? --smcv