upgrading jquery to 3.5.1 on concrete5 8.5.5
I need to update Jquery from 3.3.2-1 to 3.5.1 this is on Concrete5 8.5.5
What are the risks on doing this?
Any guidance on the steps to do it?
Why do you need to update the core jquery in concrete5?
Any experience at this?
I have dropped the latest version into a test version which seems to be working ok, just wanted to be sure there aren't any hidden issues.
hypothetical - the version of jquery has a theoretical security weakness, which is not acceptable, even if the functionality with the weakness is never called.
real - security has been breached by a penetration test.
From the Pen testing company
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities. Note, the vulnerabilities referenced in this test have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
The client requires this to be resolved hence the question.
Is there a preferred group to do this through?
If there is a security issue that affects all sites, they usually get a new version out quick, or at least a patch on github. Which may in turn be the fastest solution to your original question.