It’s been an extremely busy week or so in the world of JavaScript. Last Monday the first release of the jQuery Mobile project, aimed at helping developers build great cross-device mobile websites, was released. This was immediately followed by a new version of the jQuery framework the following day, hosting a range of performance increases. Version 1.1 of the Knockout data binding framework appeared on Thursday; the new version of HP’s webOS was due to land on Friday with the new ability to build services with node.js; and Adobe AIR 2.5 turned up on Monday with a long list of new supported devices.
Now, a new version of the YUI, Yahoo’s JavaScript library, has been released. Version 2.8.2 is an update for the 2.8 branch of the library with an important bug fix. YUI versions between 2.4.0 and 2.8.1 are all vulnerable to a JavaScript injection attack against the YUI 2 Flash Component Infrastructure, meaning the server hosting the SWF files used here could be exploited.
It is highly recommended that users of the affected versions upgrade immediately. Developers using the jQuery or Google provided CDNs for hosting their code need not be concerned as the fix is already deployed there. More information is available in the security bulletin.
Comments