Opened 13 months ago

Closed 13 months ago

Last modified 5 months ago

#45310 closed defect (bug) (duplicate)

Outdated jQuery

Reported by: ale5000
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.9.8
Component: External Libraries
Keywords:
Focuses:
Cc:
PR Number:

Description

WordPress 4.9.8 uses jQuery v1.12.4, see here: https://github.com/WordPress/WordPress/blob/master/wp-includes/js/jquery/jquery.js

A vulnerability is present in this version of jQuery, see here: https://snyk.io/vuln/npm:jquery?lh=1.12.4
It is also detected in the Audits of Google Chrome developer tools.

Change History (3)

#1 @swissspidy
13 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hello to WordPress Trac and thanks for opening this ticket!

This has been previously reported a few times, most recently in #45015.

That task is probably best covered by ticket #37110 though, which is about upgrading jQuery.

Note that we're currently still on 1.12 mainly because of browser support.

#2 @consultingroupitaly
13 months ago

Is the fix of the vulnerability backported to jQuery v1.12.4?

#3 @remzicavdar
5 months ago

Hi @ale5000 and @consultingroupitaly

I could recommend a plugin I developed for this specific reason: https://wordpress.org/plugins/jquery-manager/

In this way you're not dependent on the bundled WP jQuery.
