Base solution for your next web application
Open Closed

Change ANZ to use jQuery 3.6.0 rather than 3.4.1 to avoid XSS vulnerabilities. #10631


User avatar
0
Mitch created
  • What is your product version? 10.5
  • What is your product type (Angular or MVC)?MVC
  • What is product framework type (.net framework or .net core)?.Core

We've just run a Security check on ANZ 10.5 and it has failed due to the version of jQuery being 3.4.1. The exact description was "jQuery v3.4.1 contains multiple known cross-site scripting vulnerabilities. All versions prior to 3.5.0 are vulnerable."

Without wishing to make too many changes to ANZ, what is the correct way to update the version of jQuery that ANZ uses?


2 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @Mitch

    You can upgrade version of jQuery in package.json. I think it will not cause any problems for you.

  • User Avatar
    0
    Mitch created

    I first updated to 3,5,1 and tested. All was ok. I've now updated to 3.6.0 and that seems fine too.

    Many thanks for your help.