Nuwan Fernando

Reputation: 153

Is there anything like End of Support for jQuery versions, similar to End of Life/Supported Versions, for security concerns?

We need to get a supported version of jQuery for security reasons. Is there anything like End of Support for jQuery versions, similar to End of Life/Supported Versions in PHP (https://www.php.net/supported-versions.php), for security concerns?

Appreciated if anyone can help with this.

Thank you.

Regards, Nuwan

Upvotes: 11

Views: 20529

Answers (2)

Kat Amsterdam

Reputation: 159

Using jQuery 1.x or 2.x is a security risk for Cross Site Scripting. It also demonstrates a lack of code review and code maintenance on the part of the developing team. In today's security landscape, using end-of-life, out-of-support code is no longer acceptable.

Minimum versions of jQuery as of 2021-12-06:

jQuery 3.6.x or better

jQuery-UI 1.13.x or better

CVEs

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

https://cwe.mitre.org/data/definitions/829.html

Upvotes: 5

CertainPerformance

Reputation: 371019

jQuery 1.x and 2.x are indeed EOL, but that doesn't mean that they have any very serious known security issues.

There are some problems that can arise in somewhat unusual situations, but as a maintainer of jQuery said:

"We don't give any guarantees for jQuery 1.x/2.x - they're officially unsupported - but if a serious vulnerability was detected we might reconsider a patch."

Using the latest version of jQuery will give you more features, and more support in case you want to raise an issue or bug, but it's not essential from a security standpoint, in most cases. (For example, Stack Overflow uses jQuery 1.12.4, and many other sites still use jQuery 1 as well.)

Upvotes: 10
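An added example, not part of either answer and not jQuery project code: a JavaScript sketch that inventories the jQuery and jQuery UI versions referenced by a page's script tags and classifies them against the figures given in the two answers above (1.x/2.x end of life; jQuery 3.6.x and jQuery UI 1.13.x as minimums). The names `POLICY`, `classify` and `auditHtml`, and the sample HTML, are assumptions made for the illustration.

```javascript
// Added example. Policy values are taken from the answers above;
// the HTML at the bottom is constructed sample input.
const POLICY = {
  "jquery": { eolMajors: [1, 2], min: [3, 6] },   // 1.x/2.x EOL, 3.6.x minimum
  "jquery-ui": { eolMajors: [], min: [1, 13] },   // 1.13.x minimum
};

function classify(lib, major, minor) {
  const { eolMajors, min } = POLICY[lib];
  if (eolMajors.includes(major)) return "eol";
  if (major < min[0] || (major === min[0] && minor < min[1])) return "below-minimum";
  return "ok";
}

// Find jQuery / jQuery UI <script> tags and classify the version in each src.
function auditHtml(html) {
  const results = [];
  const srcRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  // Version in the file name (jquery-ui-1.12.1.min.js) or in a path
  // segment (/jquery/3.6.0/jquery.min.js), the two common layouts.
  const byName = /(?:^|\/)(jquery(?:-ui)?)[-.](\d+)\.(\d+)\.(\d+)/i;
  const byPath = /\/(jquery|jquery-?ui)\/(\d+)\.(\d+)\.(\d+)\//i;
  let m;
  while ((m = srcRe.exec(html)) !== null) {
    const hit = byName.exec(m[1]) || byPath.exec(m[1]);
    if (!hit) continue; // not a recognisable, versioned jQuery file
    const lib = hit[1].toLowerCase().replace(/^jquery-?ui$/, "jquery-ui");
    const [major, minor, patch] = hit.slice(2, 5).map(Number);
    results.push({
      lib,
      version: `${major}.${minor}.${patch}`,
      status: classify(lib, major, minor),
      src: m[1],
    });
  }
  return results;
}

// Constructed sample page.
const SAMPLE_HTML = `
<script src="/static/js/jquery-1.12.4.min.js"></script>
<script src="/vendor/jquery/3.6.0/jquery.min.js"></script>
<script src="/static/js/jquery-ui-1.12.1.min.js"></script>
<script src="/static/js/app.js"></script>`;

for (const r of auditHtml(SAMPLE_HTML)) {
  console.log(`${r.status.padEnd(14)} ${r.lib} ${r.version}  ${r.src}`);
}
```

Files served without a version in the URL (a bare `jquery.min.js`) are not detected by this scan; for those, read `jQuery.fn.jquery` in the loaded page instead.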
