Change ANZ to use jQuery 3.6.0 rather than 3.4.1 to avoid XSS vulnerabilities. #10631 | Support Center

Mitch created 3 years ago

What is your product version? 10.5
What is your product type (Angular or MVC)?MVC
What is product framework type (.net framework or .net core)?.Core

We've just run a Security check on ANZ 10.5 and it has failed due to the version of jQuery being 3.4.1. The exact description was "jQuery v3.4.1 contains multiple known cross-site scripting vulnerabilities. All versions prior to 3.5.0 are vulnerable."

Without wishing to make too many changes to ANZ, what is the correct way to update the version of jQuery that ANZ uses?

2 Answer(s)

0

ismcagdas created 3 years ago
Support Team

Hi @Mitch

You can upgrade version of jQuery in package.json. I think it will not cause any problems for you.
0

Mitch created 3 years ago

I first updated to 3,5,1 and tested. All was ok. I've now updated to 3.6.0 and that seems fine too.

Many thanks for your help.

Have an answer to this question? Log in and write your answer.