5
 Followers
50
 Likes

Upgrade jQuery version

New

SilkUI uses jQuery 1.8.3 (released November 13, 2012)

This version of jQuery is no longer supported by the vendor, as it has reached its endof-life. 

Versions from 1.6.3 to (and including) 1.8.3 have known vulnerabilities associated with them.

This jQuery can by default interpret script content received via $.get(), despite it originating from a third-party location. This version may also execute script content when supplied via class selectors.

Please stay up-to-date with 3rd party libraries. The current version is 3.1.

Kind regards,

Matthias Preuter

Created on 20 Mar
Comments (6)
21 Mar

Is the outsystems not a subset of 1.8.3 and slightly customized?

Furthermore, personally I am not keen on a newer version, because chances are it's more bloated.


It could be a subset, but the above vulnerability; is valid. And maybe there are even more. It is always the best to stay up-to-date because of security updates.

26 Mar (4 weeks ago)

Funny enough we have an issue now with a security audit :(

So I need to like it now :D


26 Mar (4 weeks ago)

Maybe the same Auditor?

28 Mar (4 weeks ago)

Or just supply a more recent version as a possible choice in the espace configuration. So you can check and switch on your own time.

12 Apr (12 days ago)

We've done implementations to bypass the default jquery version but you may get conflicts trying to load two versions.

views
377
Followers
5