NethCTI 3: upgrade moment.js dependency due to security vulnerability

[alepolidori]

Description

Moment library is vulnerable to regular expression denial of service via a crafted date string.
Here all info: https://nvd.nist.gov/vuln/detail/CVE-2017-18214
Issue: moment/moment#4163

Todo
Update the library

[alepolidori]

On the client the lib is never used: I have removed it.

[alepolidori]

Note: requires update of client and server

How to test

• verify that date time is correct, for example in history, switchboard search, into the queue service (e.g. the lost queue calls list) and into the offhoure.
• verify the correctness of datetime into the server log /var/log/asterisk/nethcti.log

[nethbot]

in 7.4.1708/nethesis-testing:

• nethcti3-3.0.10-1.5.g5f51157.ns7.noarch.rpm

[nethbot]

in 7.4.1708/nethesis-testing:

• nethcti-server3-3.0.8-1.7.ga6c0542.ns7.x86_64.rpm
• nethcti-server3-debuginfo-3.0.8-1.7.ga6c0542.ns7.x86_64.rpm

[SebastianMB-IT]

Verified

[nethbot]

in 7.4.1708/nethesis-testing:

• nethcti3-3.0.10-1.6.gfab6691.ns7.noarch.rpm

[nethbot]

in 7.4.1708/nethesis-upgrades:

• nethcti-server3-debuginfo-3.0.9-1.ns7.x86_64.rpm
• nethcti-server3-3.0.9-1.ns7.x86_64.rpm

[nethbot]

in 7.4.1708/nethesis-upgrades:

• nethcti3-3.0.11-1.ns7.noarch.rpm

[alepolidori]

Timestamp on the client is broken

[alepolidori]

Fixed

[nethbot]

in 7.4.1708/nethesis-testing:

• nethcti3-3.0.11-1.1.g2d7ed2d.ns7.noarch.rpm

[nethbot]

in 7.4.1708/nethesis-upgrades:

• nethcti3-3.0.12-1.ns7.noarch.rpm