JQuery version in API Portal

book

Article ID: 193896

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Is there any planned patch for upgrading jquery version from 3.4.1 to 3.5? Security vulnerabilities are detected regarding this version of jquery.(CVE-2020-11022, CVE-2020-11023.) Customer's products need to be PCI-DSS compliant and with this version they are out of this compliance.

 

Environment

Release : 3.5

Component : API PORTAL

Resolution

We will be updating the jQuery library to 3.5.1 with CR17. 
With respect to the two CVEs - the risk within the portal is minimal, the portal does not load in html from untrusted sources.

Download the CR from the "CA API Developer Portal Solutions & Patches".