Vanilla Update to jQuery?
From Adam - source
There is a long and storied history about our jquery usage. We do not use it going forwards and our newer pages do not contain it at all. Knowledge Base, Search, Events, and Custom Layout pages do not include jquery at all.
Due to many legacy customer controller integrations into jquery and our own lack of usage we have not upgraded to the 3.x branch. Instead we
- Removed it from new pages
- Performed careful analysis of existing usage of it and backported patches for the following 4 CVEs into our custom fork of jQuery 1.10
- CVE-2019-11358
- Completely disabled the
globalEvalfunction - Patched CVE-2015-9251
- Patched CVE-2020-11022
0