Hi all - we’re using Jitsi for some 1-1 video conferencing for a web product, and a security team where we use it has raised the issue of the jitsi plugin having some critical vulnerabilities in it’s chrome extension.
They pointed to CRXcavator for the jitsi meet chrome extension which has some outdated jquery libraries:
Is the source for that extension part of the open source repos? If so I could potentially put a pull request in for updating those libraries. If not, is there a procedure for reporting this type of thing?