Hi,
The recent version has a dependency on jQuery 1.12.4. This is strange for me as previous versions were including 1.12.3. The version 1.12.4 has a serious security vulnerability https://snyk.io/test/npm/jquery/1.12.4?severity=high&severity=medium&severity=low . On the other hand 1.12.3 does not have it https://snyk.io/test/npm/jquery/1.12.3?severity=high&severity=medium&severity=low.
So my questions:
1) Why the version was upgraded?
2) Is it save to replace jquery.min.js content with the 1.12.3 version ?
3) Is it save to replace jquery.min.js content with the 3.x version ? I have found the compatibility list for UI for jQuery (https://docs.telerik.com/kendo-ui/intro/installation/prerequisites#supported-jquery-versions) - I hope MVC is the same code with additional MVC wrappers.
1 Answer, 1 is accepted
We strive to update to the latest available version of jQuery when they come out. It's okay to use the 1.12.3 version, as we maintain backwards compatibility.
Kendo is also compatible with jQuery 3, so you can use it in your project as well. As you suspected, the javascript code used by the MVC Wrappers is the same as the native jQuery Kendo, so the compatibility table is the same.
Regards,
Bozhidar
Progress Telerik
Rank 1
Our security scanning software tagged jQuery version 1.12.4 as vulnerable and recommends an upgrade to 3.7.1. I've done a lot of searching for information on how to do the upgrade but I've yet to find any information on how to do it. Can someone please tell me how to upgrade jQuery on a Windows 2019 IIS web server? Apparently one of our COTS application uses jQuery library.
Thanks,
Phil
Hi Phil,
Thank you for the details provided.
In order to download the desired jQuery version, I would recommend the following:
For the update process:
As this thread was opened for MVC, I would recommend using the approach where jQuery is used by the following link in the _Layout of the project:
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>Kind Regards,
Anton Mironov