Difference between revisions of "Jquery Vulnerabilities"

From Documentation
(Created page with " ZK framework includes a customized jQuery library. Replacing that bundled jQuery in ZK to solve its security vulnerability isn't an option. Because there are both zk-specific...")
 
m
Line 1: Line 1:
  
ZK framework includes a customized jQuery library. Replacing that bundled jQuery in ZK to solve its security vulnerability isn't an option. Because there are both zk-specific customizations and jQuery introduced additional breaking changes. You have to upgrade ZK.  
+
ZK framework includes a customized jQuery library. Replacing that bundled jQuery in ZK to solve its security vulnerability isn't an option. This is because ZK and jQuery are deeply integrated with zk-specific customizations. Also, JQuery introduces breaking changes between major versions. Simply replacing jQuery won’t work.
 +
 
 +
To address this, please upgrade ZK to a patched version or a non-affected version.  
  
 
{|  class="wikitable" | width="100%"
 
{|  class="wikitable" | width="100%"
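Review bot: the added paragraph spells the library "JQuery" in "Also, JQuery introduces breaking changes between major versions", while every other mention in the same paragraph is "jQuery"; use one spelling throughout. The closing "Simply replacing jQuery won’t work" also restates the earlier sentence "Replacing that bundled jQuery in ZK ... isn't an option" and could be dropped.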

Revision as of 07:28, 15 April 2022

The ZK framework includes a customized jQuery library. Replacing the bundled jQuery to fix a security vulnerability in it isn't an option: ZK and jQuery are deeply integrated through ZK-specific customizations, and jQuery introduces breaking changes between major versions. Simply replacing jQuery won’t work.

To address this, please upgrade ZK to a patched version or a non-affected version.

{| class="wikitable" | width="100%"
! ZK version !! jQuery Status !! Fixed Vulnerabilities
|-
| 9.1.0 or above || 3.5.1 ||
|-
| 9.0.0 || 1.12.4 ||
|-
| 8.6.4.1<br/>8.6.3.1<br/>8.6.0.2<br/>8.5.1.3<br/>8.5.0.1 || 1.10.2 with security patches ||
|}

You can check the version of the jQuery bundled with ZK by reading the JavaScript variable jq.fn.jquery.