Security issue with cCMS v9.x.x with outdated library Moment.js@2.24.0

Dear community and core team,

I just updated to the latest CMS version 9.1.3 through the remote updater and happily switched a few remaining images to WEBP with the newly added option to use WEBP natively.

When I checked on the technical speed improvement, I ran my website through I received a notification that there is a security issue with the outdated library moment.js.

Checking the installed version, it seems that cCMS has been on the old version 2.24.0 for Moment.js since the initial v9 release.

Moment.js states that version 2.29.4 is the latest available.

Do you have plans to include the latest version in the core build?

I would be interested in your view and whether you see the outdated Moment.js-version as an issue.

Kind regards,

1 Like

I also mentioned this - a clean 9.1.2 install uses the same library so, I am glad that I am not the only one who raised this issue.

9.2 will include the latest stable version of moment.js