Outdated JavaScript Library: Moment.js 2.29.3

jonathan.rhodes · January 22, 2025, 6:05am

Which product are you using?
PDF.js Express Plus

PDF.js Express Version

Detailed description of issue
A security test shows that the Moment.js version is out of date and has vulnerabilities.

Expected behaviour
All javascript libraries should be up-to-date and not have any vulnerabilities.

Does your issue happen with every document, or just one?
Every

Link to document
Private link.

Code snippet
In webviewer-core.min,.js line 859

wa(“x”,function(f,h,e){e._d=new Date(za(f))});

x.version=“2.29.3”;

tgordon · January 29, 2025, 9:18pm

Hello jonathan.rhodes,

Thank you for raising this and apologies for the delayed response. I have raised this to our development team for review.

Best regards,
Tyler

jonathan.rhodes · January 30, 2025, 1:05am

Thank you for the update

ahmad.chowdhury · November 7, 2025, 3:48am

Hi Tyler, Wondering if there is any update on this since this was raised almost 10 months ago.

Topic		Replies	Views
Security scan results General Discussion	3	56	July 12, 2024
[WebViewer] Version Mismatch: Technical Support pdfjs-express	2	773	October 12, 2021
Security vulnerabilities in PDF.js Express Technical Support	2	501	August 18, 2021
POST https://pi.pdfjs.express/events net::ERR_CERT_DATE_INVALID Bug Reports pdfjs-express	2	207	August 23, 2023
PDF.js Express 8.1.0 Announcements	0	252	September 23, 2021