[wp-trac] [WordPress Trac] #37110: Update to jQuery 3.*

WordPress Trac noreply at wordpress.org
Sat Apr 25 16:20:50 UTC 2020


#37110: Update to jQuery 3.*
-------------------------------------------------+-------------------------
 Reporter:  jorbin                               |       Owner:  (none)
     Type:  task (blessed)                       |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  External Libraries                   |     Version:
 Severity:  critical                             |  Resolution:
 Keywords:  early has-patch needs-testing        |     Focuses:  javascript
  needs-dev-note needs-screenshots needs-        |
  refresh                                        |
-------------------------------------------------+-------------------------

Comment (by bigcloudmedia):

 Replying to [comment:113 galbaras]:
 > One point that may have been missed along the way: the WP version of
 > jQuery is safe, and loaded with `?ver=1.12.4-wp`, yet the security service
 > still identifies it as 1.12.4, because inside the file, that's still the
 > version number.
 >
 > If there is no major significance to the inline version number, why not
 > just change it and get rid of the security alert? Sure seems like a small,
 > easy change to me.
 >
 > Another way is to contribute the safe WP jQuery version back to jQuery
 > as version 1.12.5, and change the inline version and URL version, because
 > it will be official.

 Speaking from direct experience with two different scanning companies in
 the past year, it gets flagged because it's *not* safe—they test for the
 known vulnerabilities directly and it comes back with known deficiencies
 (old and new) in those versions.  Changing the version number to try and
 prevent it from getting flagged is no better than rolling the odometer
 back so you can say, "See!  Low mileage!  No problem here!"

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/37110#comment:114>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

