Contact Enhanced includes jquery.fileupload version: 5.37.0 which is not secure

To IdealExtensions:

We use Sucuri to scan our Joomla site for vulnerabilities. It recently identified an outdated jquery file in Contact Enhanced. The file is located at ...components/com_contactenhanced/assets/jquery.fileupload/js/jquery.fileupload.js. If you view that file you will see that it is version 5.37.0 and released back in 2010. Sebastian Tschan (blueimp) has much newer and much more secure releases at github.com/blueimp/jQuery-File-Upload/releases

There may be other very outdated 3rd party files that IdealExtensions should update. This one should be considered a high priority since it is a file upload library and file uploads are targets for 'bad guys'.

We are running latest CE version (as of this writing) on Joomla 3.9.8

Please let me know if you plan to update this js script soon.

Greetings,

Even though jQuery-File-Upload JS files was outdated, Contact Enhanced was using one of the latest versions of the PHP file, used for the server side upload, where the security vulnerabilities were located. Also, Contact Enhanced does not use "Iframe Transport" feature.

Anyway, in order to avoid the Sucuri false positive, I've updated the entire jQuery-File-Upload Plugin in the source code and implemented all required changes to the Multiple Files Upload Form Field in order to reflect the latest JS Plugin changes.

I'll create a new package either today or tomorrow.

PS: Your site/forum username was your email address but I've renamed it to dseger in order to avoid email harvesting...

Best regards,

Thank you Douglas for your quick action. I like your products. We will update when the next release is available.
Dennis

Dear Dennis,

I'm glad you like our products.

I've released a new version last night. It should be available from Joomla Extensions » Manage » Update.

Best wishes,