We need to get a supported jQuery version for security reasons. Is there anything like End of Support for jQuery versions, similar to End of Life/Supported Versions in PHP (https://www.php.net/supported-versions.php), for security concerns?
Appreciated if anyone can help with this.
Thank you.
Regards,
Nuwan
2 Answers
jQuery 1.x and 2.x are indeed EOL, but that doesn’t mean that they have any very serious known security issues.
There are some problems that can arise in somewhat unusual situations, but as a maintainer of jQuery said:
Using the latest version of jQuery will give you more features, and more support in case you want to raise an issue or bug, but it’s not essential from a security standpoint, in most cases. (for example, Stack Overflow uses jQuery 1.12.4, and many other sites still use jQuery 1 as well)
Using jQuery 1.x or 2.x is a security risk for Cross-Site Scripting. It also demonstrates a lack of code review and code maintenance on the part of the development team. In today's security landscape, using end-of-life, out-of-support code is no longer acceptable.
Minimum versions of jQuery as of 2021-12-06:
- jQuery: 3.6.x or better
- jQuery UI: 1.13.x or better

CVEs:
- CVE-2020-11023 6.9 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
- CVE-2020-11022 6.9 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
- CVE-2015-9251 6.1 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 (CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Related weakness for shipping out-of-support libraries:
- CWE-829: Inclusion of Functionality from Untrusted Control Sphere, https://cwe.mitre.org/data/definitions/829.html
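A practical way to act on the minimum versions in the answer above is to gate the jQuery and jQuery UI builds a page actually loads against them. The script below is an added example, not code from the thread or from the jQuery project: it parses version strings, compares them against the 3.6.x / 1.13.x minimums stated above, and in a browser reads the version jQuery exposes on `jQuery.fn.jquery` (and `jQuery.ui.version` when jQuery UI is loaded). The `MINIMUM_VERSIONS` table and the sample inputs are assumptions constructed for the example; the 1.12.4 sample is the version the first answer mentions.

```javascript
// Added example (not from the original thread): gate loaded jQuery / jQuery UI
// versions against the minimums stated in the answer above.
// Runs under Node for the self-test; in a browser it inspects window.jQuery.

// Assumed minimums, taken from the answer above (3.6.x / 1.13.x).
const MINIMUM_VERSIONS = {
  jquery: "3.6.0",
  "jquery-ui": "1.13.0",
};

// Parse "3.6.0", "1.12.4" or "3.5.1-pre" into [major, minor, patch].
// A missing patch component (e.g. "3.6") is treated as 0.
function parseVersion(version) {
  const match = /^(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(version).trim());
  if (!match) throw new Error(`Unrecognised version string: ${version}`);
  return [Number(match[1]), Number(match[2]), Number(match[3] || 0)];
}

// Numeric component-wise comparison: negative if a < b, 0 if equal, positive if a > b.
// (Plain string comparison would wrongly rank "1.9.1" above "1.10.0".)
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// True when the detected version meets or exceeds the minimum for that library.
function isSupported(library, version) {
  const minimum = MINIMUM_VERSIONS[library];
  if (minimum === undefined) throw new Error(`Unknown library: ${library}`);
  return compareVersions(version, minimum) >= 0;
}

// Audit a map of library -> detected version and return one finding per library.
function auditVersions(detected) {
  return Object.entries(detected).map(([library, version]) => ({
    library,
    version,
    minimum: MINIMUM_VERSIONS[library],
    supported: isSupported(library, version),
  }));
}

// Browser hook: read the versions jQuery itself exposes on the global object.
// Takes the window-like object as a parameter so it can be exercised with a stub.
function detectInBrowser(win) {
  const jq = win && win.jQuery;
  if (!jq || !jq.fn || !jq.fn.jquery) return {};
  const detected = { jquery: jq.fn.jquery };
  if (jq.ui && jq.ui.version) detected["jquery-ui"] = jq.ui.version;
  return detected;
}

if (typeof window === "undefined") {
  // Constructed sample input: an out-of-support jQuery next to a current jQuery UI.
  console.log(auditVersions({ jquery: "1.12.4", "jquery-ui": "1.13.1" }));
} else {
  console.log(auditVersions(detectInBrowser(window)));
}
```

Dropping this into a page's console (or a synthetic monitoring check) reports `supported: false` for any jQuery 1.x or 2.x build, which is the inventory step that has to precede an upgrade. Note that a version gate only tells you whether a library is out of support; it says nothing about how untrusted input reaches the DOM through that library, so it complements rather than replaces code review of the CWE-79 pattern the answer cites.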