Need clarification on portal jQuery version.
search cancel

Need clarification on portal jQuery version.

book

Article ID: 273574

calendar_today

Updated On:

Products

CA API Developer Portal

Issue/Introduction

Could you please share the jQuery-UI and jQuery versions of devportal 5.2.1.

We have upgraded the UAT portal to version 5.2.1, and still InfoSec is getting older versions of JQ UI and JQ. 

Could you please help us with the JQ versions in devportal.

Environment

Release : 5.2.1

Cause

jQuery 1.11 0 vulnerable:

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) Passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. . html() , . append() , and others) may execute untrusted code.

Resolution

Resolution: upgrade the jquery UI version to 1.13.2 or higher because jQuery UI versions prior to 1.13.2 are affected by a cross-site scripting (XSS). 

Portal 5.2.2 updated to 1.13.2