
We need to get a supported version of jQuery for security reasons. Is there anything like End of Support for jQuery versions, similar to End of Life/Supported Versions in PHP (https://www.php.net/supported-versions.php), for security concerns?

Appreciate it if anyone can help with this.

Thank you.

Regards,
Nuwan

2 Answers


  1. jQuery 1.x and 2.x are indeed EOL, but that doesn’t mean that they have any very serious known security issues.

    There are some problems that can arise in somewhat unusual situations, but as a maintainer of jQuery said:

    We don’t give any guarantees for jQuery 1.x/2.x – they’re officially unsupported – but if a serious vulnerability was detected we might reconsider a patch.

    Using the latest version of jQuery will give you more features, and more support in case you want to raise an issue or bug, but it’s not essential from a security standpoint, in most cases. For example, Stack Overflow uses jQuery 1.12.4, and many other sites still use jQuery 1 as well.

  2. Using jQuery 1.x or 2.x is a security risk for Cross Site Scripting. It also demonstrates a lack of code review and code maintenance for the developing team. In today’s security landscape, this is no longer acceptable, using end-of-life, out-of-support code.

    Minimum versions of jQuery as of 2021-12-06:

    jQuery: 3.6.x or better

    jQuery UI: 1.13.x or better

    CVEs

    CWE-829: Inclusion of Functionality from Untrusted Control Sphere

    https://cwe.mitre.org/data/definitions/829.html
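
A version-floor check built on the minimums listed in the second answer, as an added example that is not part of either answer. It reads the version from release banners or versioned file names; the function names, patterns and sample lines are constructed for illustration.

```javascript
// Added example: flag jQuery / jQuery UI versions declared in banners or file names.
// Version floors are the ones stated in the second answer (as of 2021-12-06).
const MINIMUMS = { 'jquery': [3, 6], 'jquery-ui': [1, 13] };

// Banner and file-name patterns (assumed shapes; adjust to how your assets are named).
const PATTERNS = [
  ['jquery-ui', /jQuery UI - v(\d+)\.(\d+)\.(\d+)/i],
  ['jquery-ui', /jquery[-.]ui[-.](\d+)\.(\d+)\.(\d+)/i],
  ['jquery', /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)\.(\d+)/i],
  ['jquery', /jquery[-.](\d+)\.(\d+)\.(\d+)/i],
];

// Constructed sample input: banner comments and script tags as found in a code base.
const SAMPLES = [
  '/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */',
  '<script src="/static/js/jquery-3.5.1.min.js"></script>',
  '/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */',
  '/*! jQuery UI - v1.12.1 - 2016-09-14',
  '<script src="/static/js/jquery-ui-1.13.2.min.js"></script>',
  '<script src="/static/js/app.bundle.js"></script>',
];

// Return the library name and [major, minor, patch], or null if nothing is declared.
function detect(text) {
  for (const [lib, re] of PATTERNS) {
    const m = re.exec(text);
    if (m) return { lib, version: m.slice(1, 4).map(Number) };
  }
  return null;
}

// Classify one line as ok, below-minimum, eol-branch or unknown.
function assess(text) {
  const hit = detect(text);
  if (!hit) return { lib: null, version: null, status: 'unknown' };
  const [major, minor] = hit.version;
  const [minMajor, minMinor] = MINIMUMS[hit.lib];
  let status = 'ok';
  if (major < minMajor || (major === minMajor && minor < minMinor)) status = 'below-minimum';
  // Both answers describe the jQuery 1.x and 2.x branches as end of life.
  if (hit.lib === 'jquery' && major < 3) status = 'eol-branch';
  return { lib: hit.lib, version: hit.version.join('.'), status };
}

for (const line of SAMPLES) console.log(assess(line).status.padEnd(14), line);
```

An `unknown` result means no version is declared in the banner or file name (for example a bundled or stripped build), not that the library is absent.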
