Hi,

The recent version has a dependency on jQuery 1.12.4. This is strange for me as previous versions were including 1.12.3. The version 1.12.4 has a serious security vulnerability https://snyk.io/test/npm/jquery/1.12.4?severity=high&severity=medium&severity=low . On the other hand 1.12.3 does not have it https://snyk.io/test/npm/jquery/1.12.3?severity=high&severity=medium&severity=low.

So my questions:

1) Why the version was upgraded?

2) Is it save to replace jquery.min.js content with the 1.12.3 version ?

3) Is it save to replace jquery.min.js content with the 3.x version ? I have found the compatibility list for UI for jQuery (https://docs.telerik.com/kendo-ui/intro/installation/prerequisites#supported-jquery-versions) - I hope MVC is the same code with additional MVC wrappers.

Hello,

We strive to update to the latest available version of jQuery when they come out. It's okay to use the 1.12.3 version, as we maintain backwards compatibility. 

Kendo is also compatible with jQuery 3, so you can use it in your project as well. As you suspected, the javascript code used by the MVC Wrappers is the same as the native jQuery Kendo, so the compatibility table is the same.

Regards,
Bozhidar
Progress Telerik