> I would like to hear more details about why you want to upgrade jQuery.
I'm copying this out-of-thread reply because I think it's important for anyone who's watching this issue: On Wed, Jul 31, 2019 at 7:56 PM Ing. Marcos Rene Alvarez Moreno <mralvar...@dgb.unam.mx> wrote: > The reason for updating jquery is because the jQuery library in versions > prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when > a request is made type Ajax to other domains if the dataType option is > not specified. > It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251. A direct link: https://nvd.nist.gov/vuln/detail/CVE-2015-9251 I want to point out that one aspect of the original post in this conversation is incorrect: 18.11.x uses jQuery 2.2.3 (not 1.7) However, the issue is the same: The fix for the vulnerability was not packported from jQuery 3 to earlier versions. Note that there is a non-upgrading option for fixing the problem suggested here: https://github.com/jquery/jquery/issues/2432#issuecomment-403761229 Updating Koha to use jQuery 3.0 is certainly the way forward but is not an immediate fix. Thanks for raising this issue, -- Owen -- Web Developer Athens County Public Libraries https://www.myacpl.org _______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha