Vulnerable version of the library 'jquery-ui-dialog' v1.10.0

[markuman]

Nextcloud 14.0.4 delivers jquery-ui-dialog version v1.10.0

#6340

head -n1 /var/www/nextcloud/core/vendor/jquery-ui/ui/minified/jquery-ui.custom.min.js 
/*! jQuery UI - v1.10.0 - 2013-01-18

The library jquery-ui-dialog version 1.10.0 (The vulnerability is affecting all versions prior 1.12.0) has known security issues.
For more information, visit those websites:

• XSS Vulnerability on closeText option of Dialog jQuery UI jquery/api.jqueryui.com#281
• https://nvd.nist.gov/vuln/detail/CVE-2016-7103
• https://snyk.io/vuln/npm:jquery-ui:20160721

[skjnldsv]

@ChristophWurst our dependency lord and master

[ChristophWurst]

I gave it a try, but there were too many changes from v1.10 to v1.12 as that could simply update it. See for youself: https://github.com/nextcloud/server/tree/stable14-update-jquery-ui. The sharing autocompletion, for example, has a different styling with the new version.

[skjnldsv]

Fixed since 17