Lighthouse test shows security issues

Infos:

  • Used Zammad version: 5.2.1
  • Used Zammad installation type: source
  • Operating system: Ubuntu 20.04
  • Browser + version: Edge 103

Hey guys,

I’ve started a Lighthouse test with my Zammad instance and see so many problems and optimizations. Not all points are bad but some issues should be fixed in my opinion.

Complete result

Security issues:
jQueryUI and Underscore are old and have known security issues!

I think the security issues are the important thing. The other problems are small things for the speed of the system. Some examples:

For the security issues, how is the version being determined? Does it provide a specific CVE? Keep in mind many apps will report a specific version, but many distros backport security fixes that aren’t reflected in the version number, as they are intended to remain compatible with all things that integrate with that version. You will find this a lot with CVEs for Apache and NGINX for Ubuntu. If you look up the specific CVE, usually you will find out that it’s already patched, but the reported version (the number chosen by the developer, not the package maintainer) doesn’t change.

1 Like
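
Added example, not part of any post in this thread: one way to check the backport point above for a distro package is to look for the CVE in the package changelog instead of comparing upstream version numbers. The changelog text, package name, revisions and CVE ids below are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in Debian changelog format, newest entry first.
# Package name, revisions, dates and CVE ids are placeholders, not real data.
SAMPLE_CHANGELOG = """\
examplepkg (1.18.0-0ubuntu1.3) focal-security; urgency=medium

  * SECURITY UPDATE: request smuggling in header parser
    - debian/patches/CVE-0000-0002.patch: reject duplicate headers.

 -- Example Maintainer <maint@example.invalid>  Tue, 01 Mar 2022 10:00:00 +0000

examplepkg (1.18.0-0ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer over-read in resolver
    - CVE-0000-0001

 -- Example Maintainer <maint@example.invalid>  Mon, 10 Jan 2022 10:00:00 +0000

examplepkg (1.18.0-0ubuntu1) focal; urgency=medium

  * New upstream release.

 -- Example Maintainer <maint@example.invalid>  Wed, 01 Apr 2020 10:00:00 +0000
"""

ENTRY = re.compile(r"^[a-z0-9][a-z0-9+.-]* \((?P<rev>[^)]+)\) ", re.M)
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def upstream_version(rev):
    """Drop epoch and distro revision: '1:2.4.41-4ubuntu3' -> '2.4.41'."""
    rev = rev.split(":", 1)[-1]
    return rev.rsplit("-", 1)[0] if "-" in rev else rev

def fixes_by_revision(changelog):
    """Map each CVE id to the earliest package revision that mentions it."""
    fixes, entries = {}, list(ENTRY.finditer(changelog))
    for i, entry in enumerate(entries):
        end = entries[i + 1].start() if i + 1 < len(entries) else len(changelog)
        for cve in CVE_ID.findall(changelog, entry.end(), end):
            fixes[cve] = entry.group("rev")  # older entries come later and win
    return fixes

def cve_status(changelog, cve):
    """Return (fixing revision, version a banner-based scanner sees) or None."""
    rev = fixes_by_revision(changelog).get(cve)
    return (rev, upstream_version(rev)) if rev else None

if __name__ == "__main__":
    for cve in ("CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0009"):
        print(cve, cve_status(SAMPLE_CHANGELOG, cve))
```

On Ubuntu the installed package's own changelog is at /usr/share/doc/<package>/changelog.Debian.gz. This check only applies to distro-maintained packages; a JavaScript library bundled inside a web application has no package changelog to consult.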

Lighthouse tests, especially in terms of “optimizing stuff”, are made for normal websites.
Comparing a normal website to a big ass web app like Zammad is like comparing the power of a bicycle and a car.

We regularly update dependencies with best effort possible.
This doesn’t always happen instantly due to the complexity you have with e.g. JavaScript libraries.